There are 3 open security issues in buster.
1 important issue:
- CVE-2020-35380:
GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
2 issues left for the package maintainer to handle:
- CVE-2020-36066:
(needs triaging)
GJSON <1.6.5 allows attackers to cause a denial of service (remote) via crafted JSON.
- CVE-2020-36067:
(needs triaging)
GJSON <=v1.6.5 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a crafted GET call.
You can find information about how to handle these issues in the security team's documentation.