logo

Database

Lack of data validation - Path Traversal In golang-github-buger-jsonparser

Description

Denial of Service in jsonparser jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET call.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-353812. NVD-2020-353813. OSV-DEBIAN-2020-353814. OSV-2020-353815. GCVE-2020-353816. SECURITY-TRACKER-CVE-2020-35381

References

1. https://github.com/buger/jsonparser/issues/2192. https://github.com/buger/jsonparser/pull/2213. https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc424. https://lists.fedoraproject.org/archives/list/[email protected]/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ5. https://lists.fedoraproject.org/archives/list/[email protected]/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG6. https://pkg.go.dev/vuln/GO-2021-0057

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.