Vulnerability Report: GO-2021-0054
- CVE-2020-36067, GHSA-p64j-r5f4-pwwx
- Affects: github.com/tidwall/gjson
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.6.6
6 affected symbols
Aliases
References
- https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
- https://github.com/tidwall/gjson/issues/196
- https://vuln.go.dev/ID/GO-2021-0054.json
Credits
- @toptotu
Feedback
See anything missing or incorrect?
Suggest an edit to this report.