GHSA-c9gm-7rfj-8w5h

Source

https://github.com/advisories/GHSA-c9gm-7rfj-8w5h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c9gm-7rfj-8w5h/GHSA-c9gm-7rfj-8w5h.json

Aliases

• CVE-2021-42248
• CVE-2021-42836
• GHSA-ppj4-34rq-v8j9
• GO-2021-0265
• GO-2022-0592

Withdrawn

2024-05-03T20:39:36Z

Published

2022-05-25T00:00:38Z

Modified

2024-05-03T20:39:36Z

Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references.

Original Description

GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.

References

• https://nvd.nist.gov/vuln/detail/CVE-2021-42248
• https://github.com/tidwall/gjson/issues/236
• https://github.com/tidwall/gjson/issues/237
• https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
• https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
• https://github.com/tidwall/gjson
• https://pkg.go.dev/vuln/GO-2021-0265