Description
Denial of Service in jsonparser
jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET call.
References
- https://nvd.nist.gov/vuln/detail/CVE-2020-35381
- https://github.com/buger/jsonparser/issues/219
- https://github.com/buger/jsonparser/pull/221
- https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG
- https://pkg.go.dev/vuln/GO-2021-0057
Packages
- Name: github.com/buger/jsonparser (go)
- Affected versions: < 1.1.1
- Fixed version: 1.1.1
Related vulnerabilities
CVSS3: 7.5
ubuntu
about 5 years ago
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
CVSS3: 7.5
redhat
about 5 years ago
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
CVSS3: 7.5
nvd
about 5 years ago
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
CVSS3: 7.5
debian
about 5 years ago
jsonparser 1.0.0 allows attackers to cause a denial of service (panic: ...