VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-rd6j-u6sd-c3f6

Essentials
Severities (33)
References (13)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-rd6j-u6sd-c3f6
Aliases	CVE-2020-35381 GHSA-8vrw-m3j9-j27c
Summary	Denial of Service in jsonparser jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET call.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-125	Out-of-bounds Read
CWE-129	Improper Validation of Array Index

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35381.json
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
epss	0.00243	https://api.first.org/data/v1/epss?cve=CVE-2020-35381
cvssv3.1	7.5	https://github.com/buger/jsonparser
generic_textual	HIGH	https://github.com/buger/jsonparser
cvssv3.1	7.5	https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
generic_textual	HIGH	https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
cvssv3.1	7.5	https://github.com/buger/jsonparser/issues/219
generic_textual	HIGH	https://github.com/buger/jsonparser/issues/219
cvssv3.1	7.5	https://github.com/buger/jsonparser/pull/221
generic_textual	HIGH	https://github.com/buger/jsonparser/pull/221
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ
cvssv3.1	7.5	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG
generic_textual	HIGH	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2020-35381
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-35381
cvssv3.1	7.5	https://pkg.go.dev/vuln/GO-2021-0057
generic_textual	HIGH	https://pkg.go.dev/vuln/GO-2021-0057

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35381.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-35381
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35381
		https://github.com/buger/jsonparser
		https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42
		https://github.com/buger/jsonparser/issues/219
		https://github.com/buger/jsonparser/pull/221
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ
		https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG
		https://nvd.nist.gov/vuln/detail/CVE-2020-35381
		https://pkg.go.dev/vuln/GO-2021-0057
1908451		https://bugzilla.redhat.com/show_bug.cgi?id=1908451
978445		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978445

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35381.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/commit/df3ea76ece10095374fd1c9a22a4fb85a44efc42

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/issues/219

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://github.com/buger/jsonparser/pull/221

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/27EA7OGCELV7QFAGVIHODHWKMKGFVIUZ

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LJO5N7YTDEUSTKYTNA372CE6VHCZJWUG

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-35381

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2021-0057

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.47447
EPSS Score	0.00243
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:08:36.869048+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8vrw-m3j9-j27c/GHSA-8vrw-m3j9-j27c.json	38.0.0