blob: 54c3d0a70cf3c2a7bc96597e9e1724a4ae509387 [file] [log] [blame]
module: github.com/evanphx/json-patch
versions:
- fixed: v0.5.2
description: |
A malicious JSON patch can cause a panic due to an out-of-bounds
write attempt. This can be used as a denial of service vector if
exposed to arbitary user input.
published: 2021-04-14T12:00:00Z
cve: CVE-2018-14632
symbols:
- partialArray.add
links:
pr: https://github.com/evanphx/json-patch/pull/57
commit: https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03