GHSA-c9gm-7rfj-8w5h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-c9gm-7rfj-8w5h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c9gm-7rfj-8w5h/GHSA-c9gm-7rfj-8w5h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-c9gm-7rfj-8w5h
- Aliases
-
- CVE-2021-42248
- CVE-2021-42836
- GHSA-ppj4-34rq-v8j9
- GO-2021-0265
- Withdrawn
- 2024-05-03T20:39:36Z
- Published
- 2022-05-25T00:00:38Z
- Modified
- 2024-05-19T02:24:21.070367Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Duplicate Advisory: ReDoS via crafted JSON input in GJSON
- Details
-
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references.
Original Description
GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.
- Database specific
{ "nvd_published_at": "2022-05-24T15:15:00Z", "cwe_ids": [ "CWE-1333" ], "github_reviewed_at": "2022-06-06T21:20:02Z", "severity": "HIGH", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-42248
- https://github.com/tidwall/gjson/issues/236
- https://github.com/tidwall/gjson/issues/237
- https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
- https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
- https://github.com/tidwall/gjson
- https://pkg.go.dev/vuln/GO-2021-0265
Affected packages
Go / github.com/tidwall/gjson
Package
- Name
- github.com/tidwall/gjson
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/tidwall/gjson