Lucene search
K

344 matches found

RedHat Linux
RedHat Linux
added 2025/04/03 1:38 p.m.12 views

go-jose: Go JOSE's Parsing Vulnerable to Denial of Service

A flaw was found in GO-JOSE. In affected versions, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code uses strings.Splittoken, "." to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large numb...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/03/05 8:59 p.m.7 views

nimbus-jose-jwt: large JWE p2c header value causes Denial of Service

A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...

7.5CVSS6.8AI score0.00814EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/02/26 2:20 a.m.4 views

SUSE CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

7.5CVSS7AI score0.00369EPSS
Exploits0References46
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57114 CVE-2025-27144 affecting package buildah for versions less than 1.41.4-2

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57195 CVE-2025-27144 affecting package rook for versions less than 1.6.2-25

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57165 CVE-2025-27144 affecting package keda for versions less than 2.14.1-3

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57105 CVE-2025-27144 affecting package ig for versions less than 0.37.0-3

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.7 views

AZL-57129 CVE-2025-27144 affecting package influxdb for versions less than 2.7.5-2

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.9 views

AZL-57144 CVE-2025-27144 affecting package containerd2 for versions less than 2.0.0-6

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.5 views

AZL-57201 CVE-2025-27144 affecting package dcos-cli for versions less than 1.2.0-20

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.6 views

AZL-57183 CVE-2025-27144 affecting package kubernetes for versions less than 1.28.4-15

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.8 views

AZL-57207 CVE-2025-27144 affecting package buildah 1.18.0-29

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.7AI score0.00369EPSS
Exploits0References1
OSV
OSV
added 2025/02/24 11:15 p.m.13 views

UBUNTU-CVE-2025-27144

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.8AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2025/02/24 10:22 p.m.12 views

CVE-2025-27144 Go JOSE's Parsing Vulnerable to Denial of Service

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE...

8.7CVSS6.6AI score0.00369EPSS
Exploits0References5
OSV
OSV
added 2025/02/21 1:36 p.m.5 views

OESA-2025-1163 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression...

6.8CVSS6.8AI score0.0098EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2025/02/11 7:35 a.m.7 views

Astra Linux – Vulnerability in python-jwcrypto

JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker could cause a denial-of-service attack by passing in a malicious JWE Token with a high compression ratio. When the server processed this token, it would consume a lot of memory...

6.8CVSS6.3AI score0.0098EPSS
Exploits1References3
OSV
OSV
added 2025/01/24 1:37 p.m.3 views

OESA-2025-1076 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References3
OSV
OSV
added 2025/01/24 1:37 p.m.4 views

OESA-2025-1075 podman security update

Podman manages the entire container ecosystem which includes pods, containers, container images, and container volumes using the libpod library. Security Fixes: If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavio...

5.9CVSS6.8AI score0.02085EPSS
Exploits0References3
OSV
OSV
added 2024/11/22 2:22 p.m.7 views

OESA-2024-2443 python-jwcrypto security update

Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypassCVE-2022-3102 JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6...

6.8CVSS6.9AI score0.0098EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/11/12 9:19 a.m.34 views

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

5.3CVSS6.3AI score0.00884EPSS
Exploits0References4
Rows per page
Query Builder