35 matches found
EUVD-2023-3143
Malicious code in bioql PyPI...
EUVD-2024-0939
Malicious code in bioql PyPI...
EUVD-2024-0395
Malicious code in bioql PyPI...
GO-2024-2632 JWX vulnerable to a denial of service attack using compressed JWE message in github.com/lestrrat-go/jwx
An attacker with a trusted public key may cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory allocation and processing time duri...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx [CVE-2024-28122]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx, caused by a flaw when using a compressed JWE message CVE-2024-28122 . JWx is included as part of the utilities used by our Speech Services. This vulnerabilitiy has been addressed...
Denial Of Service (DoS)
JWX is vulnerable to Denial of Service DoS. The vulnerability is caused due improper checking of the decompressed data size, allowing an attacker to craft a malicious input with an exceptionally high compression ratio, leading to a Denial of Service DoS condition by consuming excessive memory...
CVE-2024-28122
An uncontrolled resource consumption vulnerability was found in jwx. This flaw allows an attacker with a trusted public key to cause a denial of service condition by crafting a malicious JWE token with an exceptionally high compression ratio...
CVE-2024-28122
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
Design/Logic Flaw
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
CVE-2024-28122
CVE-2024-28122 (JWx) is a DoS vulnerability in the Go JOSE library (jwx) where an attacker with a trusted public key can craft a JWE with an exceptionally high compression ratio to exhaust resources. The issue affects the JWx modules and has been patched in versions 1.2.29 and 2.0.21. Public deta...
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
JWX is Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
JWX Security Vulnerabilities
lestrrat-go jwx is a library for lestrrat-go individual developers. A security vulnerability exists in JWX versions 1.2.29 and prior to 2.0.21, which originated from a vulnerability that allows an attacker in possession of a trusted public key to cause a denial of service by crafting malicious JS...
JWX vulnerable to a denial of service attack using compressed JWE message
Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...
GHSA-HJ3V-M684-V259 JWX vulnerable to a denial of service attack using compressed JWE message
Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...
GO-2024-2454 Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2
Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2...
Denial Of Service (DoS)
jwx is vulnerable to Denial Of Service DoS. The vulnerability is due to improper parsing of JSON payloads when the signature field is present while protected is absent, leading to null pointer dereference...
CVE-2024-21664
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...
CVE-2024-21664 Parsing JSON serialized payload without protected field can lead to segfault
jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...