jose2go is vulnerable to Denial of Service (DoS). The vulnerability is caused due to a lack of input validation and handling for the “p2c” (PBES2 Count) parameter. This allows an attacker to provide a large “p2c” value, leading to a Denial of Service (DoS) (CPU consumption) vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/dvsekhvalnov/jose2go | eq | HEAD | |
github.com/dvsekhvalnov/jose2go | eq | HEAD |