Lucene search

6 matches found

RedHat Linux
added 2025/04/03 1:38 p.m., 2 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

CVSS 8.7, AI score 6.8, EPSS 0.00101
Exploits: 0, References: 7
OSV
added 2025/03/21 10:15 p.m., 4 views

AZL-59168 CVE-2025-30204 affecting package etcd for versions less than 3.5.21-1

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose...

CVSS 7.5, AI score 6.7, EPSS 0.00083
Exploits: 0, References: 1
OSV
added 2025/02/24 11:15 p.m., 1 views

AZL-57135 CVE-2025-27144 affecting package gh for versions less than 2.62.0-7

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7, AI score 6.7, EPSS 0.00101
Exploits: 0, References: 1
OSV
added 2025/02/24 11:15 p.m., 1 views

AZL-57174 CVE-2025-27144 affecting package telegraf for versions less than 1.31.0-9

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7, AI score 6.7, EPSS 0.00101
Exploits: 0, References: 1
OSV
added 2025/02/24 11:15 p.m., 2 views

AZL-57099 CVE-2025-27144 affecting package influxdb for versions less than 2.6.1-21

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7, AI score 6.7, EPSS 0.00101
Exploits: 0, References: 1
OSV
added 2025/02/24 11:15 p.m., 1 views

AZL-57102 CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-17

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

CVSS 8.7, AI score 6.7, EPSS 0.00101
Exploits: 0, References: 1