← Back to feed
Update:
[HIGH] GHSA-m5j3-4634-c2vq: Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string
GitHub Security Advisory·Security·SecurityFix·5/19/2026
### Summary `dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or `'\`). A 2-byte input causes an immediate process crash via Go runtime panic. I confirmed the issue on `v3.3.1` (`fba653c7f248aff10f2b89fc
Why it matters → github.com/tomwright/dasel/v3 released an update. Review the changelog for relevant changes.
Who should care → Teams using github.com/tomwright/dasel/v3.
github.com/tomwright/dasel/v3
View original source ↗Source payload preview
{
"ghsaId": "GHSA-m5j3-4634-c2vq",
"summary": "Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in quoted string",
"severity": "HIGH",
"updatedAt": "2026-05-19T20:08:13Z",
"references": [
{
"url": "https://github.com/TomWright/dasel/security/advisories/GHSA-m5j3-4634-c2vq"
},
{
"url": "https://github.com/advisories/GHSA-m5j3-4634-c2vq"
}
],
"description": "### Summary\n\n`dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `\"\\` or `'\\`). A 2-byte input causes an immediate process crash via Go runtime panic.\n\nI confirmed the issue on `v3.3.1` (`fba653c7f248aff10f2b89fca93929b64707dfc8`) and on `master` commit `0dd6132e0c58edbd9b1a
…