Commit 2b4b07d

🌱 Fix GO-2021-0089 vulnerability
The github.com/buger/jsonparser package has this vulnerability. "vulns": [ { "id": "GO-2021-0089", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Parsing malformed JSON which contain opening brackets, but not closing brackes,\nleads to an infinite loop. If operating on untrusted user input this can be\nused as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "0.0.0-20200321185410-91ac96899e49" } ] }, "aliases": [ "CVE-2020-10675" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" }, "references": [ { "type": "FIX", "url": "buger/jsonparser#192" }, { "type": "FIX", "url": "buger/jsonparser@91ac968" }, { "type": "WEB", "url": "buger/jsonparser#188" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.0.0-20200321185410-91ac96899e49" } ] } ], "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" } } ] }, { "id": "GO-2021-0057", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic.\nIf parsing user input, this may\nbe used as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "1.1.1" } ] }, "aliases": [ "CVE-2020-35381" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml" }, "references": [ { "type": "FIX", "url": "buger/jsonparser#221" }, { "type": "FIX", "url": "buger/jsonparser@df3ea76" }, { "type": "WEB", "url": "buger/jsonparser#219" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "1.1.1" } ] } ], "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml", "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json" } } ] } ] }
1 parent bc5d7a8 commit 2b4b07d

2 files changed

+3
-1
lines changed
go.mod

+2
@@ -93,3 +93,5 @@ require (
9393
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
9494
gopkg.in/warnings.v0 v0.1.2 // indirect
9595
)
96+
97+
replace github.com/buger/jsonparser => github.com/buger/jsonparser v1.1.1
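Review bot: the `replace` directive pins github.com/buger/jsonparser to v1.1.1 only when this module is the main module being built; `replace` lines are ignored when this repository is consumed as a dependency, so any downstream module would still resolve the old v0.0.0-20180808090653-f4dd9f5a6b44 through whichever module pulls jsonparser in. Raising the version in the `require` block instead (`github.com/buger/jsonparser v1.1.1 // indirect`) and running `go mod tidy` fixes it for consumers as well. The target version itself is fine: v1.1.1 is at or above the fixed versions of both advisories quoted in the commit message (0.0.0-20200321185410-91ac96899e49 for GO-2021-0089 and 1.1.1 for GO-2021-0057).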

go.sum

+1-1
@@ -291,7 +291,7 @@ github.com/bradfitz/go-smtpd v0.0.0-20170404230938-deb6d6237625/go.mod h1:HYsPBT
291291
github.com/bradleyfalzon/ghinstallation/v2 v2.0.2 h1:VdhctVU4Kag+Yo5iuvEvFx4HNpLEI99Cm41UnE7y1WE=
292292
github.com/bradleyfalzon/ghinstallation/v2 v2.0.2/go.mod h1:GhRUp70E+QFvNemlFd4unyHZ8ryBiMQkJm6KgdilpUo=
293293
github.com/bshuster-repo/logrus-logstash-hook v0.4.1/go.mod h1:zsTqEiSzDgAa/8GZR7E1qaXrhYNDKBYy5/dWPTIflbk=
294-
github.com/buger/jsonparser v0.0.0-20180808090653-f4dd9f5a6b44/go.mod h1:bbYlZJ7hK1yFx9hf58LP0zeX7UjIGs20ufpu3evjr+s=
294+
github.com/buger/jsonparser v1.1.1/go.mod h1:6RYKKt7H4d4+iWqouImQ9R2FZql3VbhNgx27UK13J/0=
295295
github.com/bugsnag/bugsnag-go v0.0.0-20141110184014-b1d153021fcd/go.mod h1:2oa8nejYd4cQ/b0hMIopN0lCRxU0bueqREvZLWFrtK8=
296296
github.com/bugsnag/osext v0.0.0-20130617224835-0dd3f918b21b/go.mod h1:obH5gd0BsqsP2LwDJ9aOkm/6J86V6lyAXCoQWGw3K50=
297297
github.com/bugsnag/panicwrap v0.0.0-20151223152923-e2c28503fcd0/go.mod h1:D/8v3kj0zr8ZAKg1AQ6crr+5VwKN5eIywRkfhyM/+dE=
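Review bot: only the `/go.mod` hash line is swapped in this hunk, so go.sum still has no `h1:` entry for the v1.1.1 module contents. That is consistent with jsonparser being present in the module graph but never compiled into this module's packages (Go needs only the go.mod hash for version resolution), but if any built package does import it, `go build` will stop with a missing go.sum entry. Running `go mod tidy` after the go.mod change settles which case applies, and `go mod why -m github.com/buger/jsonparser` shows what pulls it in; if it is not compiled in, the affected symbols named in the advisories (`findKeyStart`, `searchKeys`) were never in the binary and this change is dependency hygiene rather than closing an exposure.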