RLSA-2025:7967 Important: osbuild-composer security update
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients. Security Fixes:...
Astra Linux – Vulnerability in golang-github-golang-jwt-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...
[SECURITY] Fedora 43 Update: golang-github-jwt-5-5.2.1-6.fc43
A Go implementation of JSON Web Tokens...
TencentOS Server 3: osbuild-composer (TSSA-2025:0460)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0460 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Security Bulletin: IBM Maximo Application Suite uses multiple third party dependencies which are vulnerable to CVEs.
Summary IBM Maximo Application Suite uses "form-data 4.0.0, org.apache.cxfcxf-core 3.6.7, net/http/internal v1.24.1, braces 3.0.2, cross-spawn 7.0.3, crypto/x509 1.24.1 1.24.3, github.com/golang-jwt/jwt/v4 github.com/golang-jwt/jwt/v5 v4.5.0 v5.2.1, httpd 2.4.37, setuptools 78.0.2 75.8.0,...
EUVD-2025-7207
Malicious code in bioql PyPI...
EUVD-2024-3178
Malicious code in bioql PyPI...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update
Red Hat OpenShift Container Platform release 4.13.60 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a...
opentelemetry-collector security update
An update is available for opentelemetry-collector. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Collector with the supported components for a Rocky Enterpris...
RLSA-2025:3411 Important: opentelemetry-collector security update
Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry. Security Fixes: golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204). For more details about the security issues, including the impact, a CVSS score,...
The vulnerability of the parse.ParseUnverified() function in the golang-jwt library for handling web tokens allows attackers to disclose sensitive information that should be protected.
The vulnerability of the parse.ParseUnverified function in the golang-jwt library for handling web tokens in the Go programming language is related to uncontrolled resource consumption. Exploiting this vulnerability allows an attacker to disclose protected information...
K000152565: Golang-JWT vulnerability CVE-2025-30204
Security Advisory Description: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in github.com/golang-jwt/jwt/v4 v4.4.2
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of github.com/golang-jwt/jwt/v4 v4.4.2 Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to...
Security Bulletin: parse.ParseUnverified vulnerability affects watsonx.data
Summary: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request who...
Security Bulletin: IBM Storage Protect Server is susceptible to vulnerabilities due to golang-JWT (CVE-2024-51744)
Summary Golang JWT is used by the IBM Storage Protect Server OSSM and Object Agent component. The vulnerabilities in the product component have been addressed. Vulnerability Details CVEID:CVE-2024-51744 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of th...
Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt [CVE-2025-30204]
Summary IBM Watson Speech Services Cartridge is vulnerable to asymmetric resource consumption in golang-jwt, due to a flaw in the , the function parse.ParseUnverified splits CVE-2025-30204. Golang-jwt is included as part of our speech utilities. This vulnerability has been addressed. Please read...
Important: Red Hat Security Advisory: Red Hat multicluster global hub 1.4.1 bug fixes and container updates
Red Hat multicluster global hub 1.4.1 general availability release, with updates to container images and bug fixes. Red Hat multicluster global hub 1.4.1 images: This advisory contains the container images for multicluster global hub. These container images provide enhancements. Security fixes:...
golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing
A flaw was found in the golang-jwt implementation of JSON Web Tokens (JWT). In affected versions, a malicious request with specially crafted Authorization header data may trigger an excessive consumption of resources on the host system. This issue can cause significant performance degradation or an...
RHEL 8 : osbuild-composer (RHSA-2025:8075)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:8075 advisory. A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for...