Lucene search
K

10 matches found

OSV
OSV
added 2024/01/23 6:1 p.m.18 views

GO-2024-2454 Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2

Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2...

7.5CVSS7.4AI score0.00864EPSS
Exploits1References3
CNNVD
CNNVD
added 2024/01/09 12:0 a.m.6 views

lestrrat-go jwx code issue vulnerability

lestrrat-go jwx is a library for lestrrat-go individual developers. A code issue vulnerability exists in lestrrat-go jwx version 2.0.18 and earlier, which stems from a null pointer dereference issue...

7.5CVSS7.1AI score0.00864EPSS
Exploits1References5
NVD
NVD
added 2023/12/05 12:15 a.m.45 views

CVE-2023-49290

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS0.00723EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/04 11:42 p.m.48 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS5.5AI score0.00723EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/12/04 11:42 p.m.5 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS7.2AI score0.00723EPSS
Exploits1References2
CVE
CVE
added 2023/12/04 11:42 p.m.349 views

CVE-2023-49290

Technical details about CVE-2023-49290 are not publicly provided in the connected documents. The initial description offers summary and fixes; monitor for further advisories and confirmed exploit information.

5.3CVSS5.1AI score0.00723EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2023/12/04 11:42 p.m.18 views

CVE-2023-49290 Malicious parameters can cause a denial of service in lestrrat-go/jwx

lestrrat-go/jwx is a Go module implementing various JWx JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE technologies. A p2c parameter set too high in JWE's algorithm PBES2- could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c...

5.3CVSS5.6AI score0.00723EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/12/04 12:0 a.m.6 views

lestrrat-go jwx resource management error vulnerability

lestrrat-go jwx is a library for lestrrat-go individual developers. lestrrat-go jwx suffers from a resource management error vulnerability that originates from an attacker being able to cause a denial of service by causing a large amount of computation consumption using password brute force and...

5.3CVSS9.1AI score0.00723EPSS
Exploits1References4
Circl
Circl
added 2023/12/03 7:27 a.m.17 views

CVE-2023-49290

creationtimestamp| type| source ---|---|--- 2023-12-03 07:27:59+00:00| published-proof-of-concept| https://github.com/lestrrat-go/jwx/security/advisories/GHSA-7f9x-gw85-8grf...

5.3CVSS6AI score0.00723EPSS
Exploits1References1
OSV
OSV
added 2023/06/22 4:36 p.m.20 views

GO-2023-1859 Padding oracle vulnerability in github.com/lestrrat-go/jwx

AES-CBC decryption is vulnerable to a timing attack which may permit an attacker to recover the plaintext of JWE data...

7AI score
Exploits0References2
Rows per page
Query Builder