data/osv/GO-2022-0957.json

{
  "schema_version": "1.3.1",
  "id": "GO-2022-0957",
  "modified": "0001-01-01T00:00:00Z",
  "published": "2022-08-25T06:28:20Z",
  "aliases": [
    "CVE-2020-36066",
    "GHSA-wjm3-fq3r-5x46"
  ],
  "summary": "Denial of service via maliciously crafted JSON in github.com/tidwall/gjson",
  "details": "A maliciously crafted JSON input can cause a denial of service attack.",
  "affected": [
    {
      "package": {
        "name": "github.com/tidwall/gjson",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.6.5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "imports": [
          {
            "path": "github.com/tidwall/gjson",
            "symbols": [
              "Get",
              "GetBytes",
              "GetMany",
              "GetManyBytes",
              "Result.Get",
              "parseObject",
              "queryMatches"
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tidwall/gjson/issues/195"
    }
  ],
  "database_specific": {
    "url": "https://pkg.go.dev/vuln/GO-2022-0957"
  }
}