2022-09-14 01:40:34 +03:00
{
"id" : "GO-2021-0054" ,
"published" : "2021-04-14T20:04:52Z" ,
"modified" : "0001-01-01T00:00:00Z" ,
"aliases" : [
"CVE-2020-36067"
] ,
2022-10-05 19:05:17 +03:00
"details" : "Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector." ,
2022-09-14 01:40:34 +03:00
"affected" : [
{
"package" : {
"name" : "github.com/tidwall/gjson" ,
"ecosystem" : "Go"
} ,
"ranges" : [
{
"type" : "SEMVER" ,
"events" : [
{
"introduced" : "0"
} ,
{
"fixed" : "1.6.6"
}
]
}
] ,
"database_specific" : {
"url" : "https://pkg.go.dev/vuln/GO-2021-0054"
} ,
"ecosystem_specific" : {
"imports" : [
{
"path" : "github.com/tidwall/gjson" ,
"symbols" : [
"Result.ForEach" ,
"unwrap"
]
}
]
}
}
] ,
"references" : [
{
"type" : "FIX" ,
"url" : "https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b"
} ,
{
"type" : "WEB" ,
"url" : "https://github.com/tidwall/gjson/issues/196"
}
2022-10-01 17:10:57 +03:00
] ,
"credits" : [
{
"name" : "@toptotu"
}
2022-09-14 01:40:34 +03:00
]
}