data/reports/GO-2021-0265.yaml - vulndb - Git at Google

 id: GO-2021-0265
 modules:
     - module: github.com/tidwall/gjson
       versions:
         - fixed: 1.9.3
       vulnerable_at: 1.9.2
       packages:
         - package: github.com/tidwall/gjson
           symbols:
             - parseObject
             - queryMatches
           derived_symbols:
             - Get
             - GetBytes
             - GetMany
             - GetManyBytes
             - Result.Get
 summary: Denial of service in github.com/tidwall/gjson
 description: |-
     A maliciously crafted path can cause Get and other query functions to consume
     excessive amounts of CPU and time.
 published: 2022-08-15T18:06:07Z
 cves:
     - CVE-2021-42248
     - CVE-2021-42836
 ghsas:
     - GHSA-c9gm-7rfj-8w5h
     - GHSA-ppj4-34rq-v8j9
 references:
     - fix: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
     - web: https://github.com/tidwall/gjson/issues/237
     - web: https://github.com/tidwall/gjson/issues/236
     - web: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
	id: GO-2021-0265
	modules:
	- module: github.com/tidwall/gjson
	versions:
	- fixed: 1.9.3
	vulnerable_at: 1.9.2
	packages:
	- package: github.com/tidwall/gjson
	symbols:
	- parseObject
	- queryMatches
	derived_symbols:
	- Get
	- GetBytes
	- GetMany
	- GetManyBytes
	- Result.Get
	summary: Denial of service in github.com/tidwall/gjson
	description: \|-
	A maliciously crafted path can cause Get and other query functions to consume
	excessive amounts of CPU and time.
	published: 2022-08-15T18:06:07Z
	cves:
	- CVE-2021-42248
	- CVE-2021-42836
	ghsas:
	- GHSA-c9gm-7rfj-8w5h
	- GHSA-ppj4-34rq-v8j9
	references:
	- fix: https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
	- web: https://github.com/tidwall/gjson/issues/237
	- web: https://github.com/tidwall/gjson/issues/236
	- web: https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944