VDB
KO

GO-2026-4514

Denial of service in github.com/buger/jsonparser

Details

The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / github.com/buger/jsonparser
Introduced in: 0 Fixed in: 1.1.2
Fix go get github.com/buger/jsonparser@v1.1.2

References