PT-2021-23565 · Gjson · Gjson

Published: 2021-10-25 · Updated: 2024-05-02 · CVE-2021-42248

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: GJSON versions prior to 1.9.3 (1.9.2 and earlier). GJSON version 1.9.3 is not affected.
Description: The issue allows attackers to cause a ReDoS (regular expression denial of service) attack via crafted JSON input. A maliciously crafted path can cause Get and the other query functions to consume excessive amounts of CPU and time.
Recommendations: For GJSON versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the input to Get and the other query functions to prevent excessive CPU and time consumption.
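One way to apply the temporary workaround in a Go caller, as an added example that is not part of the advisory or of the GJSON project: reject oversized documents and paths before they reach the query function, and bound the wall-clock time of the call. The limit values and the `QueryFunc` indirection (so the example runs offline with a constructed stand-in instead of importing gjson) are assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Limits for the workaround (assumed values; tune them for your application).
const (
	MaxPathLen   = 256
	MaxJSONLen   = 1 << 20
	QueryTimeout = 50 * time.Millisecond
)

var (
	ErrPathTooLong  = errors.New("gjson path exceeds MaxPathLen")
	ErrJSONTooLarge = errors.New("json document exceeds MaxJSONLen")
	ErrQueryTimeout = errors.New("gjson query exceeded its time budget")
)

// QueryFunc has the input shape of gjson.Get; a real caller would pass
// func(j, p string) string { return gjson.Get(j, p).String() }.
type QueryFunc func(json, path string) string

// GuardedGet enforces the size limits up front and then bounds the time the
// query may take. Caveat: a goroutine cannot be killed, so on timeout the
// runaway query keeps burning CPU until it returns; the size limits are the
// real mitigation, the deadline only keeps the caller responsive.
func GuardedGet(ctx context.Context, query QueryFunc, json, path string) (string, error) {
	if len(path) > MaxPathLen {
		return "", ErrPathTooLong
	}
	if len(json) > MaxJSONLen {
		return "", ErrJSONTooLarge
	}
	ctx, cancel := context.WithTimeout(ctx, QueryTimeout)
	defer cancel()
	done := make(chan string, 1) // buffered so a late result never blocks the goroutine
	go func() { done <- query(json, path) }()
	select {
	case r := <-done:
		return r, nil
	case <-ctx.Done():
		return "", ErrQueryTimeout
	}
}

func main() {
	fast := func(j, p string) string { return "ok" } // constructed stand-in for gjson.Get
	_, err := GuardedGet(context.Background(), fast, "{}", strings.Repeat("a", MaxPathLen+1))
	fmt.Println("oversized path:", err)
}
```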

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2021-42248
GHSA-C9GM-7RFJ-8W5H
GHSA-PPJ4-34RQ-V8J9
GO-2021-0265
GO-2022-0592

Affected Products

Gjson