CVE-2021-42836

Опубликовано: 22 окт. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

Ссылки

https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
Patch
Third Party Advisory
https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
Patch
Third Party Advisory
https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
Release Notes
Third Party Advisory
https://github.com/tidwall/gjson/issues/236
Exploit
Issue Tracking
Third Party Advisory
https://github.com/tidwall/gjson/issues/237
Exploit
Issue Tracking
Patch
Third Party Advisory
https://github.com/tidwall/gjson/commit/590010fdac311cc8990ef5c97448d4fec8f29944
Patch
Third Party Advisory
https://github.com/tidwall/gjson/commit/77a57fda87dca6d0d7d4627d512a630f89a91c96
Patch
Third Party Advisory
https://github.com/tidwall/gjson/compare/v1.9.2...v1.9.3
Release Notes
Third Party Advisory
https://github.com/tidwall/gjson/issues/236
Exploit
Issue Tracking
Third Party Advisory
https://github.com/tidwall/gjson/issues/237
Exploit
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gjson_project:gjson:*:*:*:*:*:*:*:*

Версия до 1.9.3 (исключая)

EPSS

Процентиль: 37%

0.00161

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2021-42836

CVSS3: 7.5

ubuntu

больше 4 лет назад

GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.

CVE-2021-42836

CVSS3: 7.5

msrc

больше 1 года назад

Описание отсутствует

CVE-2021-42836

CVSS3: 7.5

debian

больше 4 лет назад

GJSON before 1.9.3 allows a ReDoS (regular expression denial of servic ...

GHSA-ppj4-34rq-v8j9

CVSS3: 7.5

github

больше 4 лет назад

github.com/tidwall/gjson Vulnerable to REDoS attack

EPSS

Процентиль: 37%

0.00161

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400