Количество 13
Количество 13
CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
GHSA-hhhv-q57g-882q
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
BDU:2024-01954
Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
RLSA-2024:5294
Moderate: jose security update
ELSA-2024-9181
ELSA-2024-9181: jose security update (MODERATE)
ELSA-2024-5294
ELSA-2024-5294: jose security update (MODERATE)
ELSA-2024-3968
ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)
RLSA-2024:3827
Moderate: buildah security and bug fix update
RLSA-2024:3826
Moderate: podman security and bug fix update
ELSA-2024-3827
ELSA-2024-3827: buildah security and bug fix update (MODERATE)
ELSA-2024-3826
ELSA-2024-3826: podman security and bug fix update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5. | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5. | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28176 jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5. | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
| GHSA-hhhv-q57g-882q jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext | CVSS3: 5.3 | 0% Низкий | больше 1 года назад |
 | BDU:2024-01954 Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.9 | 0% Низкий | больше 1 года назад |
 | RLSA-2024:5294 Moderate: jose security update | около 1 месяца назад | ||
| ELSA-2024-9181 ELSA-2024-9181: jose security update (MODERATE) | 7 месяцев назад | ||
| ELSA-2024-5294 ELSA-2024-5294: jose security update (MODERATE) | 10 месяцев назад | ||
| ELSA-2024-3968 ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE) | около 1 года назад | ||
| RLSA-2024:3827 Moderate: buildah security and bug fix update | около 1 года назад | ||
| RLSA-2024:3826 Moderate: podman security and bug fix update | около 1 года назад | ||
| ELSA-2024-3827 ELSA-2024-3827: buildah security and bug fix update (MODERATE) | около 1 года назад | ||
| ELSA-2024-3826 ELSA-2024-3826: podman security and bug fix update (MODERATE) | около 1 года назад |
Уязвимостей на страницу