Описание
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | needs-triage | |
| lunar | ignored | end of life, was needs-triage |
| mantic | ignored | end of life, was needs-triage |
| noble | needs-triage |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
The jose4j component before 0.9.4 for Java allows attackers to cause a ...
jose4j denial of service via specifically crafted JWE
Уязвимость JWT-библиотеки Jose4j, связанная с неправильной реализацией алгоритма PBES2 при обработке параметра p2c, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3