Количество 74
Количество 74
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
RLSA-2024:9135
Moderate: toolbox security update
RLSA-2024:8038
Important: container-tools:rhel8 security update
RLSA-2024:3346
Important: git-lfs security update
RLSA-2024:2724
Important: git-lfs security update
ELSA-2024-8038
ELSA-2024-8038: container-tools:ol8 security update (IMPORTANT)
ELSA-2024-3346
ELSA-2024-3346: git-lfs security update (IMPORTANT)
ELSA-2024-2724
ELSA-2024-2724: git-lfs security update (IMPORTANT)
GHSA-hhhv-q57g-882q
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
BDU:2024-01954
Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2024:0936-1
Security update for go1.22
SUSE-SU-2024:0812-1
Security update for go1.22
SUSE-SU-2024:0811-1
Security update for go1.21
SUSE-SU-2024:0800-1
Security update for go1.21
RLSA-2024:6969
Moderate: container-tools:rhel8 security update
ELSA-2024-6969
ELSA-2024-6969: container-tools:ol8 security update (MODERATE)
RLSA-2024:3259
Important: go-toolset:rhel8 security update
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | CVSS3: 4.3 | 2% Низкий | больше 1 года назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 2% Низкий | больше 2 лет назад |
 | RLSA-2024:9135 Moderate: toolbox security update | больше 1 года назад | ||
| RLSA-2024:8038 Important: container-tools:rhel8 security update | больше 1 года назад | ||
| RLSA-2024:3346 Important: git-lfs security update | около 2 лет назад | ||
| RLSA-2024:2724 Important: git-lfs security update | около 2 лет назад | ||
| ELSA-2024-8038 ELSA-2024-8038: container-tools:ol8 security update (IMPORTANT) | больше 1 года назад | ||
| ELSA-2024-3346 ELSA-2024-3346: git-lfs security update (IMPORTANT) | около 2 лет назад | ||
| ELSA-2024-2724 ELSA-2024-2724: git-lfs security update (IMPORTANT) | около 2 лет назад | ||
| GHSA-hhhv-q57g-882q jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext | CVSS3: 5.3 | 2% Низкий | больше 2 лет назад |
 | BDU:2024-01954 Уязвимость модуля JavaScript для подписи и шифрования объектов JSON jose, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.9 | 2% Низкий | больше 2 лет назад |
 | SUSE-SU-2024:0936-1 Security update for go1.22 | больше 2 лет назад | ||
| SUSE-SU-2024:0812-1 Security update for go1.22 | больше 2 лет назад | ||
| SUSE-SU-2024:0811-1 Security update for go1.21 | больше 2 лет назад | ||
| SUSE-SU-2024:0800-1 Security update for go1.21 | больше 2 лет назад | ||
| RLSA-2024:6969 Moderate: container-tools:rhel8 security update | около 1 года назад | ||
| ELSA-2024-6969 ELSA-2024-6969: container-tools:ol8 security update (MODERATE) | почти 2 года назад | ||
| RLSA-2024:3259 Important: go-toolset:rhel8 security update | около 2 лет назад |
Уязвимостей на страницу