10 matches found
avsig
⚡ AVSIG JWT Inspector & Security Auditor - decode, anal...
CVE-2026-25783
CVE-2026-25783 affects Mattermost versions 11.3.x up to 11.3.0, 11.2.x up to 11.2.2, and 10.11.x up to 10.11.10. An authenticated attacker can trigger a request panic by sending specially crafted User-Agent header, due to improper validation of User-Agent header tokens. The CVSS score is 4.3 (Med...
CLEANSTART-2025-ZR62045 attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing
Multiple security vulnerabilities affect the clickhouse-operator package. An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing. See references for individual vulnerability details...
go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...
Denial Of Service (DoS)
github.com/traefik/traefik is vulnerable to Denial Of Service DoS. The vulnerability is due to improper input validation and insufficient handling of malformed tokens during parsing, allows the attacker to exploit the system by sending a crafted token that triggers excessive memory consumption...
golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws
A flaw was found in the golang.org/x/oauth2/jws package in the token parsing component. This vulnerability is made possible because of the use of strings.Splittoken, "." to split JWT tokens, which can lead to excessive memory consumption when processing maliciously crafted tokens with a large...
go-jose: Go JOSE's Parsing Vulnerable to Denial of Service
A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...
Google Go 安全漏洞
Google Go is a static strongly typed, compiled, concatenated, and garbage-collected programming language from Google USA. A security vulnerability exists in Google Go that stems from unexpected memory consumption when parsing malicious malformed tokens...
DEBIAN-CVE-2025-27144
Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...
DoS in go-jose Parsing
Impact When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could...