GO-2021-0265

Source

https://pkg.go.dev/vuln/GO-2021-0265

Import Source

https://vuln.go.dev/ID/GO-2021-0265.json

Aliases

CVE-2021-42248
CVE-2021-42836
GHSA-c9gm-7rfj-8w5h
GHSA-ppj4-34rq-v8j9
GO-2022-0592

Published

2022-08-15T18:06:07Z

Modified

2023-12-14T15:51:14Z

Details

A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.

References

https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
https://github.com/tidwall/gjson/issues/237
https://github.com/tidwall/gjson/issues/236
https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944

Affected packages

Go / github.com/tidwall/gjson

Package

Name: github.com/tidwall/gjson

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.9.3

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/tidwall/gjson",
            "symbols": [
                "Get",
                "GetBytes",
                "GetMany",
                "GetManyBytes",
                "Result.Get",
                "parseObject",
                "queryMatches"
            ]
        }
    ]
}