blob: 36ffb25a84a6474339b17166a5969b534b9cdcb5 [file] [log] [blame]
id: GO-2021-0089
modules:
- module: github.com/buger/jsonparser
versions:
- fixed: 1.0.0
vulnerable_at: 0.0.0-20191204142016-1a29609e0929
packages:
- package: github.com/buger/jsonparser
symbols:
- findKeyStart
derived_symbols:
- Delete
summary: Infinite loop in github.com/buger/jsonparser
description: |-
Parsing malformed JSON which contain opening brackets, but not closing brackets,
leads to an infinite loop. If operating on untrusted user input this can be used
as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-10675
ghsas:
- GHSA-rmh2-65xw-9m6q
credits:
- Cong Wang
references:
- fix: https://github.com/buger/jsonparser/pull/192
- fix: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
- web: https://github.com/buger/jsonparser/issues/188