Vulnerability Report: GO-2021-0059
- CVE-2020-35380, GHSA-w942-gw6m-p62c
- Affects: github.com/tidwall/gjson
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.
Affected Packages
-
PathGo VersionsSymbols
-
before v1.6.4
8 affected symbols
Aliases
References
- https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc
- https://github.com/tidwall/gjson/issues/192
- https://vuln.go.dev/ID/GO-2021-0059.json
Credits
- @toptotu
Feedback
See anything missing or incorrect?
Suggest an edit to this report.