CVE-2020-36067

High

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

mitre·CWE-129·Published 2021-01-05

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

134 chars

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

NVDen

134 chars

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

Due to improper bounds checking, maliciously crafted JSON objects can cause an out-of-bounds panic. If parsing user input, this may be used as a denial of service vector.

GHSAen

133 chars

GJSON < 1.6.6 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.

NVDes

215 chars

GJSON versiones anteriores a v1.6.5 e incluyéndola, permite a atacantes causar una denegación de servicio (pánico: error de tiempo de ejecución: límites de corte fuera de rango) por medio de una llamada GET diseñada

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
3.1	Primary	cve.org	7.5	—	—	CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
3.1	Secondary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H