Описание
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| golang-github-dvsekhvalnov-jose2go | unfixed | package | ||
| golang-github-dvsekhvalnov-jose2go | no-dsa | trixie | package | |
| golang-github-dvsekhvalnov-jose2go | no-dsa | bookworm | package | |
| golang-github-dvsekhvalnov-jose2go | postponed | bullseye | package |
Примечания
https://github.com/dvsekhvalnov/jose2go/issues/33
EPSS
Связанные уязвимости
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
jose2go is vulnerable to a JWT bomb attack through its decode function
EPSS