blob: 41881d06e0d95b3ce8bb50371d34cdd4f28dc452 [file] [log] [blame]
id: GO-2021-0265
modules:
- module: github.com/tidwall/gjson
versions:
- fixed: 1.9.3
vulnerable_at: 1.9.2
packages:
- package: github.com/tidwall/gjson
symbols:
- parseObject
- queryMatches
derived_symbols:
- Get
- GetBytes
- GetMany
- GetManyBytes
- Result.Get
summary: Denial of service via maliciously crafted path in github.com/tidwall/gjson
description: |-
A maliciously crafted path can cause Get and other query functions to consume
excessive amounts of CPU and time.
published: 2022-08-15T18:06:07Z
cves:
- CVE-2021-42248
- CVE-2021-42836
ghsas:
- GHSA-c9gm-7rfj-8w5h
- GHSA-ppj4-34rq-v8j9
references:
- fix: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
- web: https://github.com/tidwall/gjson/issues/237
- web: https://github.com/tidwall/gjson/issues/236
- web: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
review_status: REVIEWED