tidwall / gjson

Get JSON values quickly - JSON parser for Go
MIT License

3 High vulnerabilities detected when using an automatic vulnerability-detection tool #217

Closed Schneider-Electric-Carros closed 3 years ago

Schneider-Electric-Carros commented 3 years ago

Context where the vulnerabilities are detected

Steps to reproduce:

1. Create a Hello World application importing tidwall/gjson
2. Build the application
3. Scan the result with Black Duck Binary Analysis

Expected behavior:

No vulnerabilities should be reported.

Actual behavior:

3 High vulnerabilities are detected.

More details on the vulnerabilities:

High (CVE-2020-36066)

GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.

High (CVE-2020-35380)

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

High (CVE-2020-36067)

GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
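The three advisories quoted in this report each state a version bound (before 1.6.4, before 1.6.5, and up to and including 1.6.5). The following is an added example, not code from the gjson project or from the reporter: a small Go program that reads the `github.com/tidwall/gjson` requirement out of a `go.mod` file and reports which of the three advisories still apply to that version, so a team can check a module before a binary scanner like the one described above flags the built artifact. The bounds in the table come only from the advisory texts above; the sample `go.mod` content is constructed, and the function and type names are this example's own.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// advisory records the affected-version bound stated in one of the
// advisory texts quoted in the issue (bound taken from that text).
type advisory struct {
	id        string
	bound     [3]int // highest version mentioned in the advisory
	inclusive bool   // true when that version itself is affected ("<=")
}

// advisories mirrors the three entries in the report, in the order given.
var advisories = []advisory{
	{"CVE-2020-36066", [3]int{1, 6, 5}, false}, // "<1.6.5"
	{"CVE-2020-35380", [3]int{1, 6, 4}, false}, // "before 1.6.4"
	{"CVE-2020-36067", [3]int{1, 6, 5}, true},  // "<=v1.6.5"
}

// ParseVersion turns "v1.6.5" (or "1.6.5", or "v1.6.5-rc1") into
// MAJOR.MINOR.PATCH integers; anything else is rejected.
func ParseVersion(s string) ([3]int, error) {
	var v [3]int
	s = strings.TrimPrefix(strings.TrimSpace(s), "v")
	if i := strings.IndexAny(s, "-+"); i >= 0 {
		s = s[:i] // drop pre-release / build metadata
	}
	parts := strings.Split(s, ".")
	if len(parts) != 3 {
		return v, fmt.Errorf("expected MAJOR.MINOR.PATCH, got %q", s)
	}
	for i, p := range parts {
		n, err := strconv.Atoi(p)
		if err != nil || n < 0 {
			return v, fmt.Errorf("bad version component %q in %q", p, s)
		}
		v[i] = n
	}
	return v, nil
}

// compare returns -1, 0 or 1 as a is lower than, equal to or higher than b.
func compare(a, b [3]int) int {
	for i := 0; i < 3; i++ {
		if a[i] < b[i] {
			return -1
		}
		if a[i] > b[i] {
			return 1
		}
	}
	return 0
}

// AffectedCVEs lists the advisory IDs whose stated bound covers version s.
func AffectedCVEs(s string) ([]string, error) {
	v, err := ParseVersion(s)
	if err != nil {
		return nil, err
	}
	var hits []string
	for _, a := range advisories {
		c := compare(v, a.bound)
		if c < 0 || (c == 0 && a.inclusive) {
			hits = append(hits, a.id)
		}
	}
	return hits, nil
}

// FindGJSONVersion returns the version string that follows the gjson module
// path in go.mod text, in either the single-line or the block "require" form.
// "replace" directives are skipped because their next field is "=>".
func FindGJSONVersion(goMod string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(goMod))
	for sc.Scan() {
		fields := strings.Fields(sc.Text())
		if len(fields) == 0 || fields[0] == "replace" || strings.HasPrefix(fields[0], "//") {
			continue
		}
		for i, f := range fields {
			if f == "github.com/tidwall/gjson" && i+1 < len(fields) {
				return fields[i+1], nil
			}
		}
	}
	return "", fmt.Errorf("github.com/tidwall/gjson not found in go.mod")
}

// sampleGoMod is a constructed go.mod for a hello-world module that pins
// gjson at v1.6.5, the newest version named in the report.
const sampleGoMod = `module example.com/hello

go 1.16

require (
	github.com/tidwall/gjson v1.6.5
	github.com/tidwall/match v1.0.3 // indirect
)
`

func main() {
	ver, err := FindGJSONVersion(sampleGoMod)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	hits, err := AffectedCVEs(ver)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("gjson %s: %d advisory bound(s) still apply: %v\n", ver, len(hits), hits)
}
```

Run it with `go run .` against a real `go.mod` by reading the file into the string instead of using the constructed sample; an empty result means the module version lies above every bound quoted in the report, which is the state the fixed releases mentioned in the maintainer's reply put a project in.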

tidwall commented 3 years ago

These issues have already been reported and addressed.