3 matches found
CVE-2025-45767
jose v6.0.10 was discovered to contain weak encryption. NOTE: this is disputed by a third party because the claim of "do not meet recommended security standards" does not reflect guidance in a final publication...
Advisory ROSA-SA-2025-2878
Software: jose 10 OS: ROSA Virtualization 2.1 packageevrstring: jose-10-2.rv3.3 CVE-ID: CVE-2023-50967 BDU-ID: 2024-02461 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the C language module for signing and encrypting JSON latchset Jose objects is associated with uncontrolled resource consumption...
PT-2025-7796
Name of the Vulnerable Software and Affected Versions Go JOSE versions 4.0.0 through 4.0.4 Description The issue is related to excessive memory consumption when parsing compact JWS or JWE input. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory...