2 matches found
Medium: runfinch-finch
Issue Overview: An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. CVE-2024-45338 golang-jwt is a Go implementation of JSON Web Tokens. Unclear...
AZL-52221 CVE-2024-51744 affecting package moby-engine for versions less than 24.0.9-17
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...