Количество 24
Количество 24
GHSA-c5q2-7r4c-mv6g
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
SUSE-SU-2025:0066-1
Security update for apptainer
SUSE-SU-2024:2754-1
Security update for skopeo
BDU:2024-01928
Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2024:1987-1
Security update for skopeo
ROS-20240718-03
Уязвимость consul
RLSA-2024:2549
Moderate: skopeo security and bug fix update
ELSA-2024-3968
ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)
ELSA-2024-2549
ELSA-2024-2549: skopeo security and bug fix update (MODERATE)
RLSA-2024:3827
Moderate: buildah security and bug fix update
RLSA-2024:3826
Moderate: podman security and bug fix update
ELSA-2024-3827
ELSA-2024-3827: buildah security and bug fix update (MODERATE)
ELSA-2024-3826
ELSA-2024-3826: podman security and bug fix update (MODERATE)
SUSE-SU-2025:0623-1
Security update for grafana
SUSE-SU-2024:3186-1
Security update for buildah
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
| GHSA-c5q2-7r4c-mv6g Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | CVSS3: 4.3 | 0% Низкий | 8 месяцев назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
 | SUSE-SU-2025:0066-1 Security update for apptainer | 0% Низкий | 5 месяцев назад | |
| SUSE-SU-2024:2754-1 Security update for skopeo | 0% Низкий | 11 месяцев назад | |
 | BDU:2024-01928 Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.3 | 0% Низкий | больше 1 года назад |
| SUSE-SU-2024:1987-1 Security update for skopeo | около 1 года назад | ||
 | ROS-20240718-03 Уязвимость consul | CVSS3: 4.3 | 0% Низкий | 11 месяцев назад |
 | RLSA-2024:2549 Moderate: skopeo security and bug fix update | около 1 года назад | ||
| ELSA-2024-3968 ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE) | около 1 года назад | ||
| ELSA-2024-2549 ELSA-2024-2549: skopeo security and bug fix update (MODERATE) | около 1 года назад | ||
| RLSA-2024:3827 Moderate: buildah security and bug fix update | около 1 года назад | ||
| RLSA-2024:3826 Moderate: podman security and bug fix update | около 1 года назад | ||
| ELSA-2024-3827 ELSA-2024-3827: buildah security and bug fix update (MODERATE) | около 1 года назад | ||
| ELSA-2024-3826 ELSA-2024-3826: podman security and bug fix update (MODERATE) | около 1 года назад | ||
| SUSE-SU-2025:0623-1 Security update for grafana | 4 месяца назад | ||
| SUSE-SU-2024:3186-1 Security update for buildah | 9 месяцев назад |
Уязвимостей на страницу