modules: | |
- module: github.com/tidwall/gjson | |
versions: | |
- fixed: 1.6.6 | |
vulnerable_at: 1.6.5 | |
packages: | |
- package: github.com/tidwall/gjson | |
symbols: | |
- unwrap | |
derived_symbols: | |
- Result.ForEach | |
description: | | |
Due to improper bounds checking, maliciously crafted JSON objects | |
can cause an out-of-bounds panic. If parsing user input, this may | |
be used as a denial of service vector. | |
published: 2021-04-14T20:04:52Z | |
cves: | |
- CVE-2020-36067 | |
ghsas: | |
- GHSA-p64j-r5f4-pwwx | |
credit: '@toptotu' | |
references: | |
- fix: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b | |
- web: https://github.com/tidwall/gjson/issues/196 |