This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references.
GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.