GHSA-jr77-8gx4-h5qh

Suggest an improvement
Source
https://github.com/advisories/GHSA-jr77-8gx4-h5qh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-jr77-8gx4-h5qh/GHSA-jr77-8gx4-h5qh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-jr77-8gx4-h5qh
Aliases
Published
2022-11-11T12:00:33Z
Modified
2023-11-08T04:10:32.235022Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
MessagePack for Golang subject to DoS via Unmarshal panic
Details

Unmarshal can panic on some inputs, possibly allowing for denial of service attacks. This issue has been patched in version 2.1.1.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ],
    "nvd_published_at": "2022-11-10T20:15:00Z",
    "github_reviewed_at": "2022-11-16T00:04:13Z",
    "severity": "HIGH"
}
References

Affected packages

Go / github.com/shamaton/msgpack/v2

Package

Name
github.com/shamaton/msgpack/v2
View open source insights on deps.dev
Purl
pkg:golang/github.com/shamaton/msgpack/v2

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.1.1