2 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-30204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits...
golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...