79 matches found
Duplicate Advisory: ReDoS via crafted JSON input in GJSON
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description: GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input...
CVE-2021-42248
GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input...
CVE-2021-42248
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42836. Reason: This candidate is a duplicate of CVE-2021-42836. Notes: All CVE users should reference CVE-2021-42836 instead of this candidate...
Input validation
GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input...
ID withdrawn
Tidwall Gjson is a Go-based code library for interacting with JSON-formatted data. A denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...
GHSA-PPJ4-34RQ-V8J9 github.com/tidwall/gjson Vulnerable to REDoS attack
GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
github.com/tidwall/gjson Vulnerable to REDoS attack
GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
Denial Of Service (DoS)
github.com/tidwall/gjson is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to improper handling of long running matches in 'parseObject' in 'gjson.go', allowing a malicious user to cause an application crash via a crafted json input...
PT-2021-23565 · Gjson · Gjson
Name of the Vulnerable Software and Affected Versions: GJSON versions 1.9.2 and earlier. GJSON version 1.9.3 is not affected, but versions prior to 1.9.3 are vulnerable, so the correct consolidation is: GJSON versions prior to 1.9.3. Description: The issue allows attackers to cause a ReDoS regular...
DEBIAN-CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
Design/Logic Flaw
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
UBUNTU-CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack...
CVE-2021-42836
CVE-2021-42836 affects the GJSON library. The vulnerability is a ReDoS (regular expression denial of service) in GJSON before 1.9.3, triggered by crafted JSON input. The provided documents confirm the issue and reference the upstream fix path: upgrading from 1.9.2 to 1.9.3 or later. No exploit de...
GJSON resource management error vulnerability
Tidwall Gjson is a Go-based codebase for interacting with data in JSON format, by the individual developers at Tidwall. A security vulnerability exists in GJSON before 1.9.3 that allows ReDoS (regular expression denial of service) attacks...
Denial of service in GJSON
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector...