blob: 05d144aafc5a01ee26b5c988632363f35b746d89 [file] [log] [blame]
{
"schema_version": "1.3.1",
"id": "GO-2022-0957",
"modified": "0001-01-01T00:00:00Z",
"published": "2022-08-25T06:28:20Z",
"aliases": [
"CVE-2020-36066",
"GHSA-wjm3-fq3r-5x46"
],
"summary": "Denial of service via maliciously crafted JSON in github.com/tidwall/gjson",
"details": "A maliciously crafted JSON input can cause a denial of service attack.",
"affected": [
{
"package": {
"name": "github.com/tidwall/gjson",
"ecosystem": "Go"
},
"ranges": [
{
"type": "SEMVER",
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.5"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "github.com/tidwall/gjson",
"symbols": [
"Get",
"GetBytes",
"GetMany",
"GetManyBytes",
"Result.Get",
"parseObject",
"queryMatches"
]
}
]
}
}
],
"references": [
{
"type": "FIX",
"url": "https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc"
},
{
"type": "WEB",
"url": "https://github.com/tidwall/gjson/commit/9f58baa7a613f89dfdc764c39e47fd3a15606153"
},
{
"type": "WEB",
"url": "https://github.com/tidwall/gjson/issues/195"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2022-0957",
"review_status": "REVIEWED"
}
}