Fluid Attacks Database

Description

github.com/tidwall/gjson Vulnerable to REDoS attack GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	golang-github-tidwall-gjson	=1.14.4-1 \|\| =1.14.4-2 \|\| =1.17.1-1 \|\| =1.6.7-1 \|\| =1.6.7-2	-
debian 12	golang-github-tidwall-gjson	>=0 <1.14.4-2	1.14.4-2
debian 13	golang-github-tidwall-gjson	>=0 <1.14.4-2	1.14.4-2
go	github.com/tidwall/gjson	>=0 <1.9.3	1.9.3
debian 14	golang-github-tidwall-gjson	>=0 <1.14.4-2	1.14.4-2

Aliases

1. CVE-2021-428362. NVD-2021-428363. OSV-DEBIAN-2021-428364. OSV-2021-428365. GCVE-2021-428366. SECURITY-TRACKER-CVE-2021-42836

References

1. https://github.com/tidwall/gjson/issues/2362. https://github.com/tidwall/gjson/issues/2373. https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f299444. https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c965. https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.36. https://pkg.go.dev/vuln/GO-2021-0265

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.