Lucene search
K

29 matches found

RedHat Linux
RedHat Linux
added 4 days ago4 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.7AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 4 days ago5 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.7AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 6 days ago5 views

RHEL 9 : osbuild-composer (RHSA-2026:32991)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:32991 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2026/06/11 1:56 p.m.13 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/11 1:40 p.m.9 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/06/03 8:19 a.m.18 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/28 12:0 a.m.7 views

RockyLinux 9 : python-jwcrypto (RLSA-2026:19197)

The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19197 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding descripti...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2026/05/26 5:28 a.m.17 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/26 3:26 a.m.23 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.8AI score0.00651EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2026/05/19 1:25 p.m.11 views

Low: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fro...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2026/05/19 1:24 p.m.14 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/05/19 12:0 a.m.12 views

RHEL 10 : python-jwcrypto (RHSA-2026:19042)

The remote Redhat Enterprise Linux 10 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19042 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic...

5.3CVSS5.8AI score0.00294EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2026/05/13 1:20 p.m.43 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS6.3AI score0.00651EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/04/30 12:0 a.m.5 views

Amazon Linux 2 : python-jwcrypto, --advisory ALAS2-2026-3254 (ALAS-2026-3254)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3254 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker...

6.8CVSS6.3AI score0.0098EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2026/04/28 12:0 a.m.5 views

RockyLinux 9 : buildah (RLSA-2026:10135)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:10135 advisory. github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption JWE object CVE-2026-34986 Tenable has...

7.5CVSS6.2AI score0.00651EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/04/24 7:46 a.m.10 views

github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

A flaw was found in Go JOSE, a library for handling JSON Web Encryption JWE objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the...

7.5CVSS5.5AI score0.00651EPSS
Exploits0References6
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/16 12:0 a.m.12 views

Security update for python-jwcrypto (important)

openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0130-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...

8.7CVSS6.5AI score0.0098EPSS
Exploits2References4
OPENSUSE Linux
OPENSUSE Linux
added 2026/04/16 12:0 a.m.6 views

Security update for python-jwcrypto (important)

openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0129-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...

8.7CVSS6.5AI score0.0098EPSS
Exploits2References4
PyPA
PyPA
added 2025/12/17 4:16 p.m.63 views

PYSEC-2025-185

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3CVSS5.8AI score0.00166EPSS
Exploits1References2Affected Software1
Snyk
Snyk
added 2025/11/12 5:44 p.m.2 views

Denial of Service (DoS)

Overview github.com/dvsekhvalnov/jose2go is a Pure Golang GO library for generating, decoding and encrypting JSON Web Tokens. Zero dependency, relies only on standard library. Affected versions of this package are vulnerable to Denial of Service DoS via the processing of crafted JSON Web Encrypti...

8.7CVSS6.7AI score0.00236EPSS
Exploits1References2
Rows per page
Query Builder