Lucene search

GitHub Advisory DatabaseGHSA-6294-6RGP-FR7R

HistoryFeb 29, 2024 - 3:33 a.m.

jose2go vulnerable to denial of service via large p2c value

2024-02-2903:33:14

GitHub Advisory Database

github.com

jose2go

denial of service

cpu consumption

pbes2 count

software

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

Affected configurations

Vulners

Node

github.com\/dvsekhvalnov\/jose2goRange<1.6.0

CPENameOperatorVersion
github.com/dvsekhvalnov/jose2golt1.6.0

CPE	Name	Operator	Version
	github.com/dvsekhvalnov/jose2go	lt	1.6.0

github.com/advisories/GHSA-6294-6rgp-fr7r

github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317

github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0

nvd.nist.gov/vuln/detail/CVE-2023-50658