14 matches found
CVE-2026-39821 affecting package jx for versions less than 3.10.182-4
CVE-2026-39821 affecting package jx for versions less than 3.10.182-4. A patched version of the package is available...
CVE-2025-30204 affecting package jx for versions less than 3.2.236-25
CVE-2025-30204 affecting package jx for versions less than 3.2.236-25. A patched version of the package is available...
CVE-2025-58058 affecting package jx for versions less than 3.10.182-3
CVE-2025-58058 affecting package jx for versions less than 3.10.182-3. A patched version of the package is available...
AZL-66735 CVE-2025-58058 affecting package jx for versions less than 3.2.236-23
xz is a pure golang package for reading and writing xz-compressed files. Prior to version 0.5.14, it is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current...
CVE-2024-51744 affecting package jx for versions less than 3.2.236-21
CVE-2024-51744 affecting package jx for versions less than 3.2.236-21. A patched version of the package is available...
AZL-77511 CVE-2025-30204 affecting package jx for versions less than 3.2.236-25
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...
CVE-2023-44487 affecting package jx for versions less than 3.2.236-13
CVE-2023-44487 affecting package jx for versions less than 3.2.236-13. A patched version of the package is available...
CVE-2023-39325 affecting package jx for versions less than 3.10.182-1
CVE-2023-39325 affecting package jx for versions less than 3.10.182-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-51744 affecting package jx for versions less than 3.10.182-1
CVE-2024-51744 affecting package jx for versions less than 3.10.182-1. An upgraded version of the package is available that resolves this issue...
AZL-38233 CVE-2023-45288 affecting package jx for versions less than 3.10.116-2
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no...
AZL-34818 CVE-2023-39325 affecting package jx for versions less than 3.10.182-1
A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a ne...
AZL-34819 CVE-2023-44487 affecting package jx for versions less than 3.2.236-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-31313 CVE-2023-44487 affecting package jx for versions less than 3.2.236-13
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023...
AZL-33592 CVE-2021-44716 affecting package jx for versions less than 3.2.236-16
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...