Source: golang-github-buger-jsonparser
Version: 0.0~git20170705.0.9addec9-2
Severity: grave
Tags: security upstream
Forwarded: https://github.com/buger/jsonparser/issues/188

Hi,

The following vulnerability was published for golang-github-buger-jsonparser. The severity might be indeed overrated, but the motivation for making it RC is that it looks to be quite unmaintained versionwise.

CVE-2020-10675[0]:
| The Library API in buger jsonparser through 2019-12-04 allows
| attackers to cause a denial of service (infinite loop) via a Delete
| call.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-10675
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10675
[1] https://github.com/buger/jsonparser/issues/188

Regards,
Salvatore