First published: Fri Oct 22 2021
GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/tidwall/gjson | <1.9.3 | 1.9.3 |
Gjson Project Gjson | <1.9.3 | |
IBM Cloud Pak for Security | <=1.10.0.0 - 1.10.11.0 | |
IBM QRadar Suite Software | <=1.10.12.0 - 1.10.16.0 | |
CVE-2021-42836 is a vulnerability in the GJSON package for Go that allows a ReDoS attack.
If you are using a GJSON version earlier than 1.9.3, your application may be vulnerable to a ReDoS attack.
CVE-2021-42836 has a severity rating of 7.5, which is considered high.
To fix CVE-2021-42836, upgrade to GJSON version 1.9.3 or later.
You can find more information about CVE-2021-42836 on the NIST National Vulnerability Database and the GitHub issues for GJSON.