CVE-2020-36066Uncontrolled Resource Consumption in Tidwall Gjson

CWE-400Uncontrolled Resource Consumption6 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 57.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Github.com Tidwall GjsonGjson Project GjsonDebian Golang-github-tidwall-gjson
Timeline
PublishedJan 5
Latest updateAug 25

Description

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgjson_project/gjson< 1.6.5
debiandebian/golang-github-tidwall-gjson< golang-github-tidwall-gjson 1.6.7-1 (bookworm)

🔴Vulnerability Details

4
OSV
Denial of service via maliciously crafted JSON in github.com/tidwall/gjson2022-08-25
OSV
github.com/tidwall/gjson is vulnerable to Denial of service2021-05-18
GHSA
github.com/tidwall/gjson is vulnerable to Denial of service2021-05-18
OSV
CVE-2020-36066: GJSON <12021-01-05

📋Vendor Advisories

1
Debian
CVE-2020-36066: golang-github-tidwall-gjson - GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted ...2020