GitHub Advisory DatabaseGHSA-PPJ4-34RQ-V8J9github.com/tidwall/gjson Vulnerable to REDoS attack
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
63.9%
GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/tidwall/gjson | lt | 1.9.3 |
References
github.com/advisories/GHSA-ppj4-34rq-v8j9
github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
github.com/tidwall/gjson/issues/236
github.com/tidwall/gjson/issues/237
nvd.nist.gov/vuln/detail/CVE-2021-42836
pkg.go.dev/vuln/GO-2021-0265
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
63.9%