PT-2021-3192 · Gjson · Gjson

Published 2021-01-05 · Updated 2023-02-06 · CVE-2020-36067

CVSS v3.1 7.5 High

Vector AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

GJSON versions 1.6.5 and earlier

Description

The vulnerability allows an attacker to cause a denial of service via a crafted GET call. A maliciously crafted JSON object triggers a runtime error (slice bounds out of range) because of improper bounds checking, and the resulting panic aborts the parsing process. If the software parses user-supplied input, this can be used as a denial of service vector.

Recommendations

For GJSON versions 1.6.5 and earlier, update to version 1.6.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the API endpoint that handles GET calls to minimize the risk of exploitation. Avoid using the vulnerable GJSON library until the issue is resolved.
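One way to limit the blast radius of this bug class while the upgrade to 1.6.6 is rolled out, added here as an example and not the advisory's or GJSON's own code: a wrapper that turns a runtime panic from a JSON path lookup into an ordinary error. The toyQuery function is a constructed, hypothetical stand-in that panics on truncated input; it is not gjson's code and does not reproduce the real bug.

```go
package main

import (
	"errors"
	"fmt"
	"runtime"
)

// ErrParserPanic is returned when the lookup panics instead of returning,
// the failure mode CVE-2020-36067 produces on crafted input.
var ErrParserPanic = errors.New("json lookup aborted: parser panicked on input")

// queryFunc has the shape of a path lookup such as gjson.Get(json, path).String().
type queryFunc func(json, path string) string

// SafeQuery runs q and turns any runtime.Error raised while parsing (slice or
// index out of range, nil dereference) into an ordinary error, so a single
// crafted document cannot take the caller down. Other panics are re-raised.
func SafeQuery(q queryFunc, json, path string) (result string, err error) {
	defer func() {
		if r := recover(); r != nil {
			if re, ok := r.(runtime.Error); ok {
				err = fmt.Errorf("%w: %v", ErrParserPanic, re)
				return
			}
			panic(r) // genuine programming errors should still surface
		}
	}()
	return q(json, path), nil
}

// toyQuery is a constructed stand-in for the vulnerable library call (hypothetical,
// not gjson's code): it scans for ':' without a bounds check, so a truncated
// document makes it index past the end of the input, the same slice-bounds
// failure class the advisory describes.
func toyQuery(json, path string) string {
	i := 0
	for json[i] != ':' { // panics with index out of range when ':' is absent
		i++
	}
	return json[i+1 : len(json)-1] // value between ':' and the closing '}'
}

func main() {
	v, err := SafeQuery(toyQuery, `{"name":"alice"}`, "name")
	fmt.Println(v, err) // "alice" <nil>
	_, err = SafeQuery(toyQuery, `{"name"`, "name")
	fmt.Println(errors.Is(err, ErrParserPanic)) // true
}
```

Inside a net/http handler the server already recovers per request, but in a queue worker or CLI an unrecovered parser panic terminates the whole process. Upgrading remains the actual fix; the wrapper only contains the damage.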

Fix

Weakness Enumeration

Resource Exhaustion

Improper Validation of Array Index

Related Identifiers

BDU:2021-02887
CVE-2020-36067
GHSA-P64J-R5F4-PWWX
GO-2021-0054

Affected Products

Gjson