CVE-2020-35380Uncontrolled Resource Consumption in Tidwall Gjson

CWE-400Uncontrolled Resource Consumption6 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Tidwall GjsonGjson Project GjsonDebian Golang-github-tidwall-gjson
Timeline
PublishedDec 15
Latest updateJun 23

Description

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgjson_project/gjson< 1.6.4
debiandebian/golang-github-tidwall-gjson< golang-github-tidwall-gjson 1.6.7-1 (bookworm)

🔴Vulnerability Details

4
OSV
Denial of service in GJSON2021-06-23
GHSA
Denial of service in GJSON2021-06-23
OSV
Panic due to improper input validation in Get in github.com/tidwall/gjson2021-04-14
OSV
CVE-2020-35380: GJSON before 12020-12-15

📋Vendor Advisories

1
Debian
CVE-2020-35380: golang-github-tidwall-gjson - GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSO...2020