GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
{
"source": [
"CPE_RANGE",
"REFERENCES"
],
"cpe": "cpe:2.3:a:gjson_project:gjson:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "1.9.3"
}
]
}