Go modules package
github.com/tidwall/gjson
pkg:golang/github.com/tidwall/gjson
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-42836 | — | < 1.9.3 | 1.9.3 | Oct 22, 2021 | GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. | ||
| CVE-2020-36066 | — | < 1.6.5 | 1.6.5 | Jan 5, 2021 | GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. | ||
| CVE-2020-36067 | — | < 1.6.6 | 1.6.6 | Jan 5, 2021 | GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call. | ||
| CVE-2020-35380 | — | < 1.6.4 | 1.6.4 | Dec 15, 2020 | GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. |
- CVE-2021-42836Oct 22, 2021affected < 1.9.3fixed 1.9.3
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
- CVE-2020-36066Jan 5, 2021affected < 1.6.5fixed 1.6.5
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
- CVE-2020-36067Jan 5, 2021affected < 1.6.6fixed 1.6.6
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
- CVE-2020-35380Dec 15, 2020affected < 1.6.4fixed 1.6.4
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.