blob: d9fa197fc822249060da1a66c54536ae76679075 [file] [log] [blame]
id: GO-2021-0054
modules:
- module: github.com/tidwall/gjson
versions:
- fixed: 1.6.6
vulnerable_at: 1.6.5
packages:
- package: github.com/tidwall/gjson
symbols:
- unwrap
derived_symbols:
- Result.ForEach
summary: Panic due to improper input validation in github.com/tidwall/gjson
description: |-
Due to improper bounds checking, maliciously crafted JSON objects can cause an
out-of-bounds panic. If parsing user input, this may be used as a denial of
service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-36067
ghsas:
- GHSA-p64j-r5f4-pwwx
credits:
- '@toptotu'
references:
- fix: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
- web: https://github.com/tidwall/gjson/issues/196