Question 1

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

github.com/tidwall/gjson is vulnerable to Denial of service GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON. Fixed in github.com/tidwall/gjson 1.6.5.

Question 2

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Denial of service in GJSON GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector. Fixed in github.com/tidwall/gjson 1.6.4.

Question 3

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

github.com/tidwall/gjson Vulnerable to REDoS attack GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack. Fixed in github.com/tidwall/gjson 1.9.3.

Question 4

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Improper Validation of Array Index in GJSON GJSON < 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call. Fixed in github.com/tidwall/gjson 1.6.6.

Question 5

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Denial of service via maliciously crafted JSON in github.com/tidwall/gjson A maliciously crafted JSON input can cause a denial of service attack. Fixed in github.com/tidwall/gjson 1.6.5.

Question 6

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Denial of service via maliciously crafted path in github.com/tidwall/gjson A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time. Fixed in github.com/tidwall/gjson 1.9.3.

Question 7

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Panic due to improper input validation in Get in github.com/tidwall/gjson Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector. Fixed in github.com/tidwall/gjson 1.6.4.

Question 8

Is there a bug in github.com/tidwall/gjson?

Accepted Answer

Panic due to improper input validation in ForEach in github.com/tidwall/gjson Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector. Fixed in github.com/tidwall/gjson 1.6.6.

Severity	Affected	Fixed in	Title	Status	Source
high	any	1.6.5	github.com/tidwall/gjson is vulnerable to Denial of service GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.	fixed	osv:GHSA-wjm3-fq3r-5x46
high	any	1.6.4	Denial of service in GJSON GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.	fixed	osv:GHSA-w942-gw6m-p62c
high	any	1.9.3	github.com/tidwall/gjson Vulnerable to REDoS attack GJSON is a Go package that provides a fast and simple way to get values from a json document. GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.	fixed	osv:GHSA-ppj4-34rq-v8j9
high	any	1.6.6	Improper Validation of Array Index in GJSON GJSON < 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.	fixed	osv:GHSA-p64j-r5f4-pwwx
medium	any	1.6.5	Denial of service via maliciously crafted JSON in github.com/tidwall/gjson A maliciously crafted JSON input can cause a denial of service attack.	fixed	osv:GO-2022-0957
medium	any	1.9.3	Denial of service via maliciously crafted path in github.com/tidwall/gjson A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.	fixed	osv:GO-2021-0265
medium	any	1.6.4	Panic due to improper input validation in Get in github.com/tidwall/gjson Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.	fixed	osv:GO-2021-0059
medium	any	1.6.6	Panic due to improper input validation in ForEach in github.com/tidwall/gjson Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.	fixed	osv:GO-2021-0054

github.com/tidwall/gjson known bugs