apk package
chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.19-kinesis
pkg:apk/chainguard/ruby3.3-fluentd-kubernetes-daemonset-1.19-kinesis
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-54905 | low | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is u | |
| CVE-2026-54904 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`. The issue is caused by the interaction between: - `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds. - Nume | |
| CVE-2026-54903 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data ou | |
| CVE-2026-54902 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the | |
| CVE-2026-54901 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse` | |
| CVE-2026-54900 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passin | |
| CVE-2026-54898 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the stri | |
| CVE-2026-54897 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control r | |
| CVE-2026-54896 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With ` | |
| CVE-2026-54592 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1. **`doc_each_ | |
| CVE-2026-54500 | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In `ext/oj | ||
| CVE-2026-54502 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2 | |
| CVE-2026-54899 | hig | — | < 1.19.3.1.0-r0 | 1.19.3.1.0-r0 | Jun 19, 2026 | ### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call rea | |
| CVE-2026-35611 | Hig | 7.5 | < 1.19.2.1.4-r0 | 1.19.2.1.4-r0 | Apr 7, 2026 | Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b | |
| CVE-2026-33210 | — | < 1.19.2.1.3-r0 | 1.19.2.1.3-r0 | Mar 20, 2026 | Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used |
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Concurrent::ReentrantReadWriteLock` can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The lock stores a thread's local read and write hold counts in one integer. The low 15 bits are used for the read hold count, and bit 15 is u
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Concurrent::AtomicReference#update` can enter a permanent busy retry loop when the current value is `Float::NAN`. The issue is caused by the interaction between: - `AtomicReference#update`, which retries until `compare_and_set(old_value, new_value)` succeeds. - Nume
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj.load` is vulnerable to heap corruption when parsing a JSON string longer than 2 GB. An integer overflow in `buf_append_string` (`buf.h:61`) converts the string length to a large negative `size_t`, causing `memcpy` to copy an astronomically large amount of data ou
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Parser` in SAJ mode does not protect cached object keys (≥ 35 bytes) from garbage collection. A Ruby callback that triggers GC inside `hash_end` can cause the key string to be reclaimed while the C parser still holds a pointer to it. The subsequent access to the
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Parser` in usual mode does not mark `array_class` and `hash_class` references during garbage collection. If GC runs after the class is assigned but before a parse, the class object is reclaimed, leaving the parser holding a dangling VALUE. The subsequent `parse`
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Parser#parse` in usual mode with `create_id` enabled is vulnerable to heap corruption via a negative-size `memcpy`. When a JSON object key is exactly 65,535 bytes long, an integer truncation in `form_attr` (`usual.c:63`) converts the length to `-1` before passin
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Parser#parse` is vulnerable to a heap use-after-free when a SAJ/SAJ2 callback mutates the input JSON string during parsing. The C engine holds a raw `const byte *` pointer into the Ruby string's internal buffer. If a callback (e.g. `hash_start`) resizes the stri
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Doc` iterators (`each_value`, `each_child`, `each_leaf`) are vulnerable to a heap use-after-free. When a Ruby block yielded during iteration calls `doc.close` or `d.close`, the document's heap memory is freed while the C iterator is still running. When control r
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj.dump` in object mode is vulnerable to a heap buffer overflow when serializing Exception objects with a large `:indent` value. The serializer allocates a buffer sized for the object's attributes but does not account for the indent bytes added on each write. With `
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj::Doc#each_child`, when invoked recursively over a deeply nested JSON document, overflows a fixed-size stack buffer and aborts the process. This is a denial of service reachable from untrusted JSON. ### Details Two-step chain in `ext/oj/fast.c`: 1. **`doc_each_
- CVE-2026-54500Jun 19, 2026affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj.load` in `:object` mode reads uninitialized stack memory (and, for long keys, reads out of bounds) when parsing a JSON object whose key is 254 bytes or longer. The interned bytes can surface to the caller, disclosing process stack memory. ### Details In `ext/oj
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary `Oj.dump` is vulnerable to a stack-based buffer overflow when a large `:indent` value is provided by the developer. `fill_indent` in `dump.h` calls `memset(indent_str, ' ', (size_t)opts->indent)` without validating the size. When `opts->indent` is set to `INT_MAX` (2
- affected < 1.19.3.1.0-r0fixed 1.19.3.1.0-r0
### Summary Disabling `symbol_keys` on a reused `Oj::Parser` instance triggers a heap use-after-free. When `symbol_keys` is toggled from `true` to `false`, `opt_symbol_keys_set` frees the internal key cache (`cache_free`) but does not clear the pointer. The next `parse` call rea
- affected < 1.19.2.1.4-r0fixed 1.19.2.1.4-r0
Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic b
- CVE-2026-33210Mar 20, 2026affected < 1.19.2.1.3-r0fixed 1.19.2.1.3-r0
Ruby JSON is a JSON implementation for Ruby. From version 2.14.0 to before versions 2.15.2.1, 2.17.1.2, and 2.19.2, a format string injection vulnerability can lead to denial of service attacks or information disclosure, when the allow_duplicate_key: false parsing option is used