Lucene search
+L

191 matches found

RedHat Linux
RedHat Linux
added 2025/05/13 5:18 p.m.5 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
NVD
NVD
added 2025/05/13 5:16 p.m.17 views

CVE-2025-4658

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and...

9.8CVSS0.00295EPSS
Exploits0References1
Snyk
Snyk
added 2025/05/13 4:44 p.m.1 views

Authentication Bypass by Primary Weakness

Overview Affected versions of this package are vulnerable to Authentication Bypass by Primary Weakness due to the improper handling of JWS signature verification. An attacker can bypass security checks and authenticate using a specially crafted JWS without valid credentials. Note: CVE-2025-4658 i...

10CVSS6.9AI score0.00355EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/13 4:33 p.m.21 views

CVE-2025-4658 Authentication Bypass in OPKSSH

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification. As OPKSSH depends on the OpenPubkey library for authentication, this vulnerability in OpenPubkey also applies to OPKSSH versions prior to 0.5.0 and...

9.3CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2025/05/13 4:33 p.m.60 views

CVE-2025-3757

OpenPubkey library, versions prior to 0.10.0, contain a vulnerability that allows a specially crafted JWS to bypass signature verification. This is documented across multiple connected sources (e.g., OSV/GHSA entries) and is the root cause described by CVE-2025-3757. Impact is high for confidenti...

9.8CVSS6.9AI score0.00355EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/05/13 4:33 p.m.8 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS6.5AI score0.00355EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/13 4:33 p.m.27 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS0.00355EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2025/05/13 4:33 p.m.11 views

CVE-2025-3757

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.8CVSS8.4AI score0.00355EPSS
Exploits0
OSV
OSV
added 2025/05/13 4:33 p.m.8 views

CVE-2025-3757 Authentication Bypass in OpenPubKey

Versions of OpenPubkey library prior to 0.10.0 contained a vulnerability that would allow a specially crafted JWS to bypass signature verification...

9.3CVSS6AI score0.00355EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2025/05/13 1:53 p.m.4 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2025/04/18 7:32 p.m.22 views

Traefik affected by Go oauth2/jws Improper Validation of Syntactic Correctness of Input vulnerability

Summary We have encountered a security vulnerability being reported by our scanners for Traefik 2.11.22. - https://security.snyk.io/vuln/SNYK-CHAINGUARDLATEST-TRAEFIK33-9403297 Details It seems to target oauth2/jws library. PoC No steps to replicate this vulnerability Impact We have a strict...

7AI score
Exploits0References6Affected Software2
Amazon
Amazon
added 2025/04/16 12:0 a.m.5 views

Medium: containerd

Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...

8.7CVSS7.1AI score0.00369EPSS
Exploits0
Amazon
Amazon
added 2025/04/14 12:0 a.m.3 views

Medium: containerd

Issue Overview: Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing...

8.7CVSS7.8AI score0.00369EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2025/04/03 1:38 p.m.4 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/27 3:0 p.m.5 views

golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws

A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...

7.5CVSS7.1AI score0.00804EPSS
Exploits0References7
NVD
NVD
added 2025/02/24 11:15 p.m.21 views

CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS0.00369EPSS
Exploits0References3
OSV
OSV
added 2025/02/24 11:15 p.m.6 views

AZL-57162 CVE-2025-27144 affecting package packer for versions less than 1.9.5-10

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.5 views

AZL-57180 CVE-2025-27144 affecting package containerized-data-importer for versions less than 1.55.0-23

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57153 CVE-2025-27144 affecting package containerd for versions less than 1.7.13-7

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.5 views

AZL-57147 CVE-2025-27144 affecting package cert-manager for versions less than 1.11.2-20

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
Rows per page
Query Builder