Vulnerability Report: GO-2021-0057
- CVE-2020-35381, GHSA-8vrw-m3j9-j27c
- Affects: github.com/buger/jsonparser
- Published: Apr 14, 2021
- Modified: May 20, 2024
Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If the package is used to parse user input, this may be used as a denial of service vector.
Affected Packages
- Path: github.com/buger/jsonparser
- Go Versions: before v1.1.1
References
- https://github.com/buger/jsonparser/pull/221
- https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
- https://github.com/buger/jsonparser/issues/219
- https://vuln.go.dev/ID/GO-2021-0057.json
Credits
- @toptotu