AZL-52183 CVE-2024-51744 affecting package cert-manager for versions less than 1.12.15-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52227 CVE-2024-51744 affecting package kube-vip-cloud-provider for versions less than 0.0.2-22

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52216 CVE-2024-51744 affecting package etcd for versions less than 3.5.18-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52219 CVE-2024-51744 affecting package moby-engine for versions less than 25.0.3-13

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52198 CVE-2024-51744 affecting package dcos-cli for versions less than 1.2.0-18

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52251 CVE-2024-51744 affecting package cf-cli for versions less than 8.4.0-24

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52275 CVE-2024-51744 affecting package kubernetes for versions less than 1.28.4-17

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52221 CVE-2024-51744 affecting package moby-engine for versions less than 24.0.9-17

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52260 CVE-2024-51744 affecting package azcopy for versions less than 10.25.1-5

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52189 CVE-2024-51744 affecting package packer for versions less than 1.9.5-9

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52204 CVE-2024-51744 affecting package kubernetes for versions less than 1.30.10-5

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52278 CVE-2024-51744 affecting package telegraf for versions less than 1.29.4-15

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52180 CVE-2024-51744 affecting package nmi 1.8.17-6

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52207 CVE-2024-51744 affecting package telegraf for versions less than 1.31.0-7

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52242 CVE-2024-51744 affecting package rook for versions less than 1.6.2-26

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52266 CVE-2024-51744 affecting package prometheus for versions less than 2.37.9-4

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52192 CVE-2024-51744 affecting package influxdb for versions less than 2.7.5-4

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

AZL-52171 CVE-2024-51744 affecting package coredns for versions less than 1.11.4-1

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

UBUNTU-CVE-2024-51744

golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...

jwt-go 安全漏洞

jwt-go is a Go language JWT implementation of the golang-jwt open source. A security vulnerability exists in jwt-go version 4.5.0 and earlier, which stems from an unspecified leave-behind of the error behavior in ParseWithClaims, which can prevent users from checking for errors in the way they...