Skip to content

GHSA lookup

GHSA-Q3H9-M34W-H76F

Pruva has a verified reproduction for GHSA-Q3H9-M34W-H76F: jq: integer overflow in jv_string_concat triggers heap buffer overflow on large strings. The canonical evidence record is REPRO-2026-00170.

REPRO

REPRO-2026-00170

Package

jq · github

Severity

HIGH

Status

published