CVE-2020-35381 Affecting golang-github-buger-jsonparser package, versions *


Severity

Recommended
medium

Based on Ubuntu security rating.

Threat Intelligence

EPSS
0.43% (62nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UBUNTU2004-GOLANGGITHUBBUGERJSONPARSER-1131410
  • published25 Jun 2025
  • disclosed15 Dec 2020

Introduced: 15 Dec 2020

CVE-2020-35381  (opens in a new tab)

How to fix?

There is no fixed version for Ubuntu:20.04 golang-github-buger-jsonparser.

NVD Description

Note: Versions mentioned in the description apply only to the upstream golang-github-buger-jsonparser package and not the golang-github-buger-jsonparser package as distributed by Ubuntu. See How to fix? for Ubuntu:20.04 relevant fixed versions and status.

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

CVSS Base Scores

version 3.1