MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtaDItNjV4dy05bTZx

High EPSS: 0.00275% (0.50658 Percentile) EPSS:

Permalink JSON

Infinite Loop in jsonparser

Affected Packages	Affected Versions	Fixed Versions
go:github.com/buger/jsonparser	< 1.0.0	1.0.0
3,672 Dependent packages 22,092 Dependent repositories Affected Version Ranges All affected versions All unaffected versions 1.0.0, 1.1.0, 1.1.1

The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service (infinite loop) via a Delete call.

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-10675
https://github.com/buger/jsonparser/issues/188
https://github.com/buger/jsonparser/pull/192
https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
https://pkg.go.dev/vuln/GO-2021-0089
https://lists.fedoraproject.org/archives/list/[email protected]/message/4C7PV6KEUUM76V4B2J5IFN2U6LEOWB67
https://lists.fedoraproject.org/archives/list/[email protected]/message/6KUHKDQSEYJNROA66OMN6AAQMGAAN6WI
https://github.com/advisories/GHSA-rmh2-65xw-9m6q

Identifiers

GHSA-rmh2-65xw-9m6q

CVE-2020-10675

Risk

Severity

High

EPSS

EPSS Percentage: 0.00275

EPSS Percentile: 0.50658

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/buger/jsonparser

Date and time

Published

about 4 years ago

Updated

about 1 year ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories