Azure Linux 3.0 Security Update: keda (CVE-2021-42836)
The version of keda installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-42836 advisory. - GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. CVE-2021-42836 Note that Nessus...
EUVD-2021-1221
Malware in sbrugna...
EUVD-2021-2240
Malware in sbrugna...
EUVD-2021-1416
Malware in sbrugna...
EUVD-2023-0752
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-35380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. CVE-2020-35380 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2020-36066
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. CVE-2020-36066 Note that Nessus relies on the presence of the package as...
Linux Distros Unpatched Vulnerability : CVE-2020-36067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON =v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call. CVE-2020-36067 Note that...
CVE-2020-35380
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON...
Linux Distros Unpatched Vulnerability : CVE-2021-42836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. CVE-2021-42836 Note that Nessus relies on the presence of the package as reported...
CVE-2020-36066
GJSON 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON...
CVE-2020-36067
GJSON =v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
...
Denial Of Service (DoS)
github.com/tidwall/gjson is vulnerable to Denial of Service (DoS). The vulnerability is due to improper bounds checking during JSON parsing within gjson.go. This can lead to DoS if the application parses untrusted input...
Improper Validation of Array Index in GJSON
GJSON 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
GHSA-P64J-R5F4-PWWX Improper Validation of Array Index in GJSON
GJSON 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call...
GO-2022-0957 Denial of service via maliciously crafted JSON in github.com/tidwall/gjson
A maliciously crafted JSON input can cause a denial of service attack...
GO-2021-0265 Denial of service via maliciously crafted path in github.com/tidwall/gjson
A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time...
Tidwall Gjson Denial of Service Vulnerability
Tidwall Gjson is a Go-based code library for interacting with JSON-formatted data. A denial of service vulnerability exists in Tidwall Gjson version 1.9.2 and prior. An attacker could exploit this vulnerability to cause a denial of service of the application via specially crafted JSON input...
GHSA-C9GM-7RFJ-8W5H Duplicate Advisory: ReDoS via crafted JSON input in GJSON
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description: GJSON = 1.9.2 allows attackers to cause a ReDoS via crafted JSON input...