Lestrrat-go

Jwx

3 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2024-28122

Exploit
  • EPSS 0.15%
  • Veröffentlicht 09.03.2024 01:15:06
  • Zuletzt bearbeitet 05.12.2025 16:23:49

JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encr...

7.5

CVE-2024-21664

Exploit
  • EPSS 0.18%
  • Veröffentlicht 09.01.2024 20:15:43
  • Zuletzt bearbeitet 21.11.2024 08:54:49

jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer d...

5.3

CVE-2023-49290

Exploit
  • EPSS 0.18%
  • Veröffentlicht 05.12.2023 00:15:09
  • Zuletzt bearbeitet 21.11.2024 08:33:11

lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on...