GJSON versions before 1.9.3 contain a Regular Expression Denial of Service (ReDoS) flaw — tracked as CVE-2021-42836 — that can be triggered by crafted JSON paths or queries and allow an attacker to drive CPU consumption to the point of service disruption.
Background / Overview
GJSON is a widely...
