19 matches found
Astra Linux - vulnerability in golang-github-golang-jwt-jwt
golang-jwt is a Go implementation of JSON Web Tokens. Starting from version 3.2.0 and before versions 5.2.2 and 4.5.2, the parse.ParseUnverified function splits its argument which contains untrusted data using periods. As a result, in the case of a malicious request where the Authorization header...
jwt-go allows excessive memory allocation during header parsing
golang-jwt is vulnerable to excessive memory allocation due to improper handling of the parse.ParseUnverified function. This could allow an attacker to cause significant memory consumption by sending a malicious request with an Authorization header containing many period characters...
ROS-20250822-08
A vulnerability in the parse.ParseUnverified function of the golang-jwt web token library for the Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
ROS-20250822-07
A vulnerability in the parse.ParseUnverified function of the golang-jwt web token library for the Go programming language is related to uncontrolled resource consumption. Exploitation of the vulnerability allows an attacker acting remotely...
Linux Distros Unpatched Vulnerability : CVE-2025-30204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits...
AZL-59227 CVE-2025-30204 affecting package etcd for versions less than 3.5.21-1
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59217 CVE-2025-30204 affecting package moby-engine for versions less than 24.0.9-16
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-77496 CVE-2025-30204 affecting package dcos-cli for versions less than 1.2.0-24
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59172 CVE-2025-30204 affecting package blobfuse2 for versions less than 2.3.2-2
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
DEBIAN-CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59165 CVE-2025-30204 affecting package cert-manager for versions less than 1.12.15-3
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59220 CVE-2025-30204 affecting package terraform for versions less than 1.3.2-24
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-77498 CVE-2025-30204 affecting package dcos-cli 1.2.0-20
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59207 CVE-2025-30204 affecting package kubernetes for versions less than 1.30.10-4
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
AZL-59193 CVE-2025-30204 affecting package application-gateway-kubernetes-ingress for versions less than 1.7.7-2
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
UBUNTU-CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits via a call to strings.Split its argument which is untrusted data on periods. As a result, in the face of a malicious request whose...
Asymmetric Resource Consumption (Amplification)
Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...
Asymmetric Resource Consumption (Amplification)
Overview Affected versions of this package are vulnerable to Asymmetric Resource Consumption Amplification through the parse.ParseUnverified function. An attacker can cause excessive memory allocation by sending a crafted request with many period characters in the Authorization header. Remediatio...
jwt-go security vulnerability
jwt-go is an open-source Go implementation of JWT from golang-jwt. A security vulnerability exists in jwt-go versions prior to 5.2.2 and prior to 4.5.2, which stems from a memory allocation issue that can be caused by the parse.ParseUnverified function when processing malicious requests...