CVE-2021-42248 — Regex Denial of Service in Tidwall Gjson

CWE-1333 — Regex Denial of Service5 documents3 sources

Severity

7.5HIGH

No vector

EPSS

No EPSS data

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Tidwall Gjson Msrc Azure Linux 3.0 ARM Msrc Azure Linux 3.0 X64

Timeline

PublishedOct 25

Latest updateSep 10

Description

github.com/tidwall/gjson Vulnerable to REDoS attack GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

Affected Packages3 packages

▶Gogithub.com/tidwall_gjson< 1.9.3

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

🔴Vulnerability Details

OSV

Denial of service via maliciously crafted path in github.com/tidwall/gjson↗2022-08-15

▶

OSV

Duplicate Advisory: ReDoS via crafted JSON input in GJSON↗2022-05-25

▶

GHSA

Duplicate Advisory: ReDoS via crafted JSON input in GJSON↗2022-05-25

▶

OSV

github.com/tidwall/gjson Vulnerable to REDoS attack↗2021-10-25

▶

📋Vendor Advisories

Microsoft

CVE-2021-42248: NIST NVD Details: https://nvd↗2024-09-10

▶