exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 15

BDU:2024-01954

около 2 лет назад

Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 4.9

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.

CVSS3: 4.9

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

CVSS3: 5.3

EPSS: Низкий

CVE-2024-28176

около 2 лет назад

CVSS3: 4.9

EPSS: Низкий

GHSA-hhhv-q57g-882q

около 2 лет назад

jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext

CVSS3: 5.3

EPSS: Низкий

RLSA-2024:9181

около 1 года назад

Moderate: jose security update

EPSS: Низкий

RLSA-2024:5294

11 месяцев назад

Moderate: jose security update

EPSS: Низкий

RLSA-2024:3968

почти 2 года назад

Moderate: container-tools:rhel8 bug fix and enhancement update

EPSS: Низкий

ELSA-2024-9181

больше 1 года назад

ELSA-2024-9181: jose security update (MODERATE)

EPSS: Низкий

ELSA-2024-5294

больше 1 года назад

ELSA-2024-5294: jose security update (MODERATE)

EPSS: Низкий

ELSA-2024-3968

почти 2 года назад

ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)

EPSS: Низкий

RLSA-2024:3827

почти 2 года назад

Moderate: buildah security and bug fix update

EPSS: Низкий

RLSA-2024:3826

почти 2 года назад

Moderate: podman security and bug fix update

EPSS: Низкий

ELSA-2024-3827

почти 2 года назад

ELSA-2024-3827: buildah security and bug fix update (MODERATE)

EPSS: Низкий

ELSA-2024-3826

почти 2 года назад

ELSA-2024-3826: podman security and bug fix update (MODERATE)

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
BDU:2024-01954 Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 4.9	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 4.9	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 5.3	1% Низкий	около 2 лет назад
CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.	CVSS3: 4.9	1% Низкий	около 2 лет назад
GHSA-hhhv-q57g-882q jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext	CVSS3: 5.3	1% Низкий	около 2 лет назад
RLSA-2024:9181 Moderate: jose security update			около 1 года назад
RLSA-2024:5294 Moderate: jose security update			11 месяцев назад
RLSA-2024:3968 Moderate: container-tools:rhel8 bug fix and enhancement update			почти 2 года назад
ELSA-2024-9181 ELSA-2024-9181: jose security update (MODERATE)			больше 1 года назад
ELSA-2024-5294 ELSA-2024-5294: jose security update (MODERATE)			больше 1 года назад
ELSA-2024-3968 ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)			почти 2 года назад
RLSA-2024:3827 Moderate: buildah security and bug fix update			почти 2 года назад
RLSA-2024:3826 Moderate: podman security and bug fix update			почти 2 года назад
ELSA-2024-3827 ELSA-2024-3827: buildah security and bug fix update (MODERATE)			почти 2 года назад
ELSA-2024-3826 ELSA-2024-3826: podman security and bug fix update (MODERATE)			почти 2 года назад

Уязвимостей на страницу