Jwx Security Vulnerabilities and Issues — Jwx CVE List

Lucene search

Lestrrat-goJwx

3 matches found

CVE•added 2024/01/09 8:15 p.m.•297 views

CVE-2024-21664

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling jws.Parse with a JSON serialized payload where the signature field is present while protected is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS ...

7.5CVSS7.2AI score0.00128EPSS

CVE•added 2023/12/05 12:15 a.m.•265 views

CVE-2023-49290

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2...

5.3CVSS5.1AI score0.00183EPSS

CVE•added 2024/03/09 1:15 a.m.•263 views

CVE-2024-28122

JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high comp...

6.8CVSS6.3AI score0.00033EPSS