blob: 635fb4224d6ddb5acb16d29633d52b131ec17a84 [file] [log] [blame]
packages:
- module: github.com/buger/jsonparser
symbols:
- findKeyStart
versions:
- fixed: 0.0.0-20200321185410-91ac96899e49
description: |
Parsing malformed JSON which contain opening brackets, but not closing brackets,
leads to an infinite loop. If operating on untrusted user input this can be
used as a denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2020-10675
ghsas:
- GHSA-rmh2-65xw-9m6q
credit: Cong Wang
links:
pr: https://github.com/buger/jsonparser/pull/192
commit: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
context:
- https://github.com/buger/jsonparser/issues/188