logo

Database

Asymmetric denial of service - ReDoS In github.com/tidwall/gjson

Description

Duplicate Advisory: ReDoS via crafted JSON input in GJSON

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-ppj4-34rq-v8j9. This link is maintained to preserve external references.

Original Description

GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2021-422482. NVD-2021-422483. OSV-2021-422484. GCVE-2021-42248

References

1. https://github.com/tidwall/gjson/issues/2362. https://github.com/tidwall/gjson/issues/2373. https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f299444. https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c965. https://pkg.go.dev/vuln/GO-2021-0265

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.