Count: 13

CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.

SUSE-SU-2025:1285-1
Security update for etcd
GHSA-mh63-6h87-95cp
jwt-go allows excessive memory allocation during header parsing
ELSA-2025-7967
ELSA-2025-7967: osbuild-composer security update (IMPORTANT)
ELSA-2025-7425
ELSA-2025-7425: osbuild-composer security update (IMPORTANT)
ELSA-2025-7404
ELSA-2025-7404: grafana security update (IMPORTANT)
ELSA-2025-4669
ELSA-2025-4669: osbuild-composer security update (IMPORTANT)
ELSA-2025-3344
ELSA-2025-3344: grafana security update (IMPORTANT)

SUSE-SU-2025:1332-1
Security update for rekor

| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 3 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 3 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 3 months ago |
| CVE-2025-30204 | CVSS3: 7.5 | 0% Low | 3 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ... | CVSS3: 7.5 | 0% Low | 3 months ago |
| SUSE-SU-2025:1285-1 Security update for etcd | | 0% Low | 2 months ago |
| GHSA-mh63-6h87-95cp jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Low | 3 months ago |
| ELSA-2025-7967 ELSA-2025-7967: osbuild-composer security update (IMPORTANT) | | | about 1 month ago |
| ELSA-2025-7425 ELSA-2025-7425: osbuild-composer security update (IMPORTANT) | | | 29 days ago |
| ELSA-2025-7404 ELSA-2025-7404: grafana security update (IMPORTANT) | | | 29 days ago |
| ELSA-2025-4669 ELSA-2025-4669: osbuild-composer security update (IMPORTANT) | | | about 1 month ago |
| ELSA-2025-3344 ELSA-2025-3344: grafana security update (IMPORTANT) | | | 3 months ago |
| SUSE-SU-2025:1332-1 Security update for rekor | | | 2 months ago |