
107 matches found

OSV
added 2026/05/21 4:24 p.m. | 7 views

RLSA-2025:7967 Important: osbuild-composer security update

A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...

CVSS 7.5 | AI score 6.8 | EPSS 0.00693
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m. | 5 views

Astra Linux – Vulnerability in golang-github-golang-jwt-jwt

golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...

CVSS 7.5 | AI score 6.7 | EPSS 0.00693
Exploits: 0 | References: 2

Fedora
added 2025/12/30 12:38 a.m. | 8 views

[SECURITY] Fedora 43 Update: golang-github-jwt-5-5.2.1-6.fc43

A Go implementation of JSON Web Tokens...

CVSS 7.5 | AI score 7 | EPSS 0.00626
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m. | 4 views

TencentOS Server 3: osbuild-composer (TSSA-2025:0460)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0460 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 | AI score 7.3 | EPSS 0.00693
Exploits: 0 | References: 2

IBM Security Bulletins
added 2025/11/03 9:6 a.m. | 37 views

Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.

Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7 , net/http/internal v1.24.1, braces 3.0.2 , cross-spawn 7.0.3 , crypto/x509 1.24.1 1.24.3 , github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1 , httpd 2.4.37 , setuptools 78.0.2 75.8.0 ,...

CVSS 9.8 | AI score 8.2 | EPSS 0.91327
Exploits: 10 | Affected Software: 1

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-7207

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.4 | EPSS 0.00693
Exploits: 0 | References: 5

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2024-3178

Malicious code in bioql PyPI...

CVSS 3.1 | AI score 6.3 | EPSS 0.00521
Exploits: 0 | References: 4

RedHat Linux
added 2025/09/18 4:52 a.m. | 7 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update

Red Hat OpenShift Container Platform release 4.13.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...

CVSS 7.5 | AI score 6.8 | EPSS 0.00856
Exploits: 0 | References: 5

Rockylinux
added 2025/07/29 1:40 p.m. | 7 views

opentelemetry-collector security update

An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterpris...

CVSS 7.5 | AI score 7.3 | EPSS 0.00693
Exploits: 0

OSV
added 2025/07/29 1:40 p.m. | 8 views

RLSA-2025:3411 Important: opentelemetry-collector security update

Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing CVE-2025-30204 For more details about the security issues, including the impact, a CVSS score,...

CVSS 7.5 | AI score 7.8 | EPSS 0.00693
Exploits: 0 | References: 2

BDU FSTEC
added 2025/07/15 12:0 a.m. | 10 views

The vulnerability of the parse.ParseUnverified() function in the golang-jwt library for handling web tokens allows attackers to disclose sensitive information that should be protected.

The vulnerability of the parse.ParseUnverified function in the golang-jwt library for handling web tokens in the Go programming language is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to disclose protected information...

CVSS 7.8 | AI score 6.6 | EPSS 0.00693
Exploits: 0 | References: 17 | Affected Software: 12

F5 Networks
added 2025/07/14 2:44 p.m. | 11 views

K000152565: Golang-JWT vulnerability CVE-2025-30204

Security Advisory Description golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a...

CVSS 7.5 | AI score 6.5 | EPSS 0.00693
Exploits: 0

IBM Security Bulletins
added 2025/07/08 7:0 a.m. | 8 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in github.com/golang-jwt/jwt/v4 v4.4.2

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of github.com/golang-jwt/jwt/v4 v4.4.2 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...

CVSS 3.1 | AI score 6.5 | EPSS 0.00521
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/07/01 6:52 a.m. | 11 views

Security Bulletin: parse.ParseUnverified vulnerability affects watsonx.data

Summary golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request who...

CVSS 7.5 | AI score 6.8 | EPSS 0.00693
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/25 4:28 p.m. | 3 views

Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)

Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...

CVSS 3.1 | AI score 6.4 | EPSS 0.00521
Exploits: 0 | Affected Software: 1

IBM Security Bulletins
added 2025/06/13 3:58 p.m. | 9 views

Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt [CVE-2025-30204]

Summary IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt, due to a flaw in the , the function parse.ParseUnverified splits CVE-2025-30204. Golang-jwt is included as part of our speech utilities. This vulnerability has been addressed. Please read...

CVSS 7.5 | AI score 7.5 | EPSS 0.00693
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/06/02 2:56 p.m. | 11 views

Important: Red Hat Security Advisory: Red Hat multicluster global hub 1.4.1 bug fixes and container updates

Red Hat multicluster global hub 1.4.1 general availability release, with updates to container images and bug fixes. Red Hat multicluster global hub 1.4.1 images This advisory contains the container images for multicluster global hub. These container images provide enhancements. security fixes:...

CVSS 7.5 | AI score 6.7 | EPSS 0.00693
Exploits: 0 | References: 2

RedHat Linux
added 2025/05/28 3:24 p.m. | 7 views

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00693
Exploits: 0 | References: 7

RedHat Linux
added 2025/05/21 3:37 p.m. | 3 views

golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing

A flaw was found in the golang-jwt implementation of JSON Web Tokens JWT. In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...

CVSS 7.5 | AI score 7.1 | EPSS 0.00693
Exploits: 0 | References: 7

Tenable Nessus
added 2025/05/21 12:0 a.m. | 7 views

RHEL 8 : osbuild-composer (RHSA-2025:8075)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8075 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...

CVSS 7.5 | AI score 7.3 | EPSS 0.00693
Exploits: 0 | References: 4