GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/tidwall/gjson | lt | 1.6.4 |