blob: b66309fa66642ec655694398e2f8df25a3e00224 [file] [log] [blame]
id: GO-2021-0059
modules:
- module: github.com/tidwall/gjson
versions:
- fixed: 1.6.4
vulnerable_at: 1.6.3
packages:
- package: github.com/tidwall/gjson
symbols:
- squash
derived_symbols:
- Get
- GetBytes
- GetMany
- GetManyBytes
- Result.Array
- Result.Get
- Result.Map
- Result.Value
summary: Panic due to improper input validation in Get in github.com/tidwall/gjson
description: |-
Due to improper bounds checking, maliciously crafted JSON objects can cause an
out-of-bounds panic. If parsing user input, this may be used as a denial of
service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-35380
ghsas:
- GHSA-w942-gw6m-p62c
credits:
- '@toptotu'
references:
- fix: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc
- web: https://github.com/tidwall/gjson/issues/192
review_status: REVIEWED