CVE-2021-42836

Name of the Vulnerable Software and Affected Versions GJSON versions prior to 1.9.3

Description The issue allows a ReDoS (regular expression denial of service) attack. GJSON is a Go package that provides a fast and simple way to get values from a JSON document. A maliciously crafted path can cause Get and other query functions to consume excessive amounts of CPU and time.

Recommendations For versions prior to 1.9.3, update to version 1.9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of crafted JSON input to minimize the risk of exploitation. Avoid using maliciously crafted paths in the Get and other query functions until the issue is resolved.