Debian Golang-Github-Tidwall-Gjson vulnerabilities

4 known vulnerabilities affecting debian/golang-github-tidwall-gjson.

Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 4

Vulnerabilities

CVE-2021-42836 | HIGH | CVSS 7.5 | fixed in golang-github-tidwall-gjson 1.14.4-2 (bookworm) | 2021
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
Scope: local
bookworm: resolved (fixed in 1.14.4-2)
bullseye: open
forky: resolved (fixed in 1.14.4-2)
sid: resolved (fixed in 1.14.4-2)
trixie: resolved (fixed in 1.14.4-2)
CVE-2020-36066 | HIGH | CVSS 7.5 | fixed in golang-github-tidwall-gjson 1.6.7-1 (bookworm) | 2020
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
Scope: local
bookworm: resolved (fixed in 1.6.7-1)
bullseye: resolved (fixed in 1.6.7-1)
forky: resolved (fixed in 1.6.7-1)
sid: resolved (fixed in 1.6.7-1)
trixie: resolved (fixed in 1.6.7-1)
CVE-2020-36067 | HIGH | CVSS 7.5 | fixed in golang-github-tidwall-gjson 1.6.7-1 (bookworm) | 2020
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
Scope: local
bookworm: resolved (fixed in 1.6.7-1)
bullseye: resolved (fixed in 1.6.7-1)
forky: resolved (fixed in 1.6.7-1)
sid: resolved (fixed in 1.6.7-1)
trixie: resolved (fixed in 1.6.7-1)
CVE-2020-35380 | HIGH | CVSS 7.5 | fixed in golang-github-tidwall-gjson 1.6.7-1 (bookworm) | 2020
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
Scope: local
bookworm: resolved (fixed in 1.6.7-1)
bullseye: resolved (fixed in 1.6.7-1)
forky: resolved (fixed in 1.6.7-1)
sid: resolved (fixed in 1.6.7-1)
trixie: resolved (fixed in 1.6.7-1)