Go modules package
github.com/buger/jsonparser
pkg:golang/github.com/buger/jsonparser
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-32285 | Hig | 7.5 | < 1.1.2 | 1.1.2 | Mar 26, 2026 | The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack. | |
| CVE-2020-35381 | — | < 1.1.1 | 1.1.1 | Dec 15, 2020 | jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | ||
| CVE-2020-10675 | — | < 1.0.0 | 1.0.0 | Mar 19, 2020 | The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call. |
- affected < 1.1.2fixed 1.1.2
The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.
- CVE-2020-35381Dec 15, 2020affected < 1.1.1fixed 1.1.1
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
- CVE-2020-10675Mar 19, 2020affected < 1.0.0fixed 1.0.0
The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.