GO-2022-0592

Source

https://pkg.go.dev/vuln/GO-2022-0592

Import Source

https://vuln.go.dev/ID/GO-2022-0592.json

Aliases

CVE-2021-42248
CVE-2021-42836
GHSA-c9gm-7rfj-8w5h
GHSA-ppj4-34rq-v8j9
GO-2021-0265

Published

2022-08-15T18:06:07Z

Modified

2023-11-08T04:07:05.346665Z

Details

A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.

References

https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
https://github.com/tidwall/gjson/issues/237
https://nvd.nist.gov/vuln/detail/CVE-2021-42248
https://github.com/advisories/GHSA-c9gm-7rfj-8w5h

Affected packages

Go / github.com/tidwall/gjson

Package

Name: github.com/tidwall/gjson

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

1.9.3

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/tidwall/gjson",
            "symbols": [
                "Get",
                "GetBytes",
                "GetMany",
                "GetManyBytes",
                "Result.Get",
                "queryMatches"
            ]
        }
    ]
}

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2022-0592"
}