github.com/tidwall/gjson vulnerabilities

5 known vulnerabilities affecting github.com/tidwall/gjson.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 5

Vulnerabilities

CVE-2020-36067 | HIGH | ≥ 0, < 1.6.6 | 2023-02-06
CVE-2020-36067 [HIGH] CWE-129 Improper Validation of Array Index in GJSON. GJSON < 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
ghsa, osv
CVE-2021-42248 | HIGH | ≥ 0, < 1.9.3 | 2022-05-25
CVE-2021-42248 [HIGH] CWE-1333 Duplicate Advisory: ReDoS via crafted JSON input in GJSON. Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references. Original Description: GJSON <= 1.9.2 allows attackers to cause a ReDoS via crafted JSON input.
ghsa, osv
CVE-2021-42836 | HIGH | ≥ 0, < 1.9.3 | 2021-10-25
CVE-2021-42836 [HIGH] CWE-1333 github.com/tidwall/gjson Vulnerable to REDoS attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
ghsa
CVE-2020-35380 | HIGH | ≥ 0, < 1.6.4 | 2021-06-23
CVE-2020-35380 [HIGH] CWE-400 Denial of service in GJSON. GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.
ghsa, osv
CVE-2020-36066 | HIGH | ≥ 0, < 1.6.5 | 2021-05-18
CVE-2020-36066 [HIGH] CWE-400 github.com/tidwall/gjson is vulnerable to Denial of service. GJSON < 1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
ghsa, osv