reports/GO-2021-0054.yaml - vulndb - Git at Google

 module: github.com/tidwall/gjson
 versions:
   - fixed: v1.6.6
 description: |
     Due to improper bounds checking, maliciously crafted JSON objects
     can cause an out-of-bounds panic. If parsing user input, this may
     be used as a denial of service vector.
 cves:
   - CVE-2020-36067
 credit: '@toptotu'
 symbols:
   - unwrap
 links:
     commit: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
     context:
       - https://github.com/tidwall/gjson/issues/196
	module: github.com/tidwall/gjson
	versions:
	- fixed: v1.6.6
	description: \|
	Due to improper bounds checking, maliciously crafted JSON objects
	can cause an out-of-bounds panic. If parsing user input, this may
	be used as a denial of service vector.
	cves:
	- CVE-2020-36067
	credit: '@toptotu'
	symbols:
	- unwrap
	links:
	commit: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
	context:
	- https://github.com/tidwall/gjson/issues/196