Количество 28
Количество 28
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.
CVE-2024-28180
CVE-2024-28180
Package jose aims to provide an implementation of the Javascript Objec ...
SUSE-SU-2025:0066-1
Security update for apptainer
SUSE-SU-2024:2754-1
Security update for skopeo
GHSA-c5q2-7r4c-mv6g
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
BDU:2024-01928
Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2024:1987-1
Security update for skopeo
ROS-20260209-73-0033
Уязвимость golang-github-jose
ROS-20240718-03
Уязвимость consul
RLSA-2024:3968
Moderate: container-tools:rhel8 bug fix and enhancement update
RLSA-2024:2549
Moderate: skopeo security and bug fix update
ELSA-2024-3968
ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE)
ELSA-2024-2549
ELSA-2024-2549: skopeo security and bug fix update (MODERATE)
openSUSE-SU-2026:20279-1
Security update for containerized-data-importer
RLSA-2024:3827
Moderate: buildah security and bug fix update
RLSA-2024:3826
Moderate: podman security and bug fix update
ELSA-2024-3827
ELSA-2024-3827: buildah security and bug fix update (MODERATE)
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
 | CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
 | CVSS3: 4.3 | 4% Низкий | больше 1 года назад | |
| CVE-2024-28180 Package jose aims to provide an implementation of the Javascript Objec ... | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
 | SUSE-SU-2025:0066-1 Security update for apptainer | 4% Низкий | около 1 года назад | |
| SUSE-SU-2024:2754-1 Security update for skopeo | 4% Низкий | больше 1 года назад | |
| GHSA-c5q2-7r4c-mv6g Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
 | BDU:2024-01928 Уязвимость пакета реализации набора стандартов JWE, JWS, JWT go-jose для языка программирования Go, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 4.3 | 4% Низкий | около 2 лет назад |
| SUSE-SU-2024:1987-1 Security update for skopeo | почти 2 года назад | ||
 | ROS-20260209-73-0033 Уязвимость golang-github-jose | CVSS3: 4.3 | 4% Низкий | около 2 месяцев назад |
| ROS-20240718-03 Уязвимость consul | CVSS3: 4.3 | 4% Низкий | больше 1 года назад |
 | RLSA-2024:3968 Moderate: container-tools:rhel8 bug fix and enhancement update | больше 1 года назад | ||
| RLSA-2024:2549 Moderate: skopeo security and bug fix update | почти 2 года назад | ||
| ELSA-2024-3968 ELSA-2024-3968: container-tools:ol8 bug fix and enhancement update (MODERATE) | почти 2 года назад | ||
| ELSA-2024-2549 ELSA-2024-2549: skopeo security and bug fix update (MODERATE) | почти 2 года назад | ||
| openSUSE-SU-2026:20279-1 Security update for containerized-data-importer | 28 дней назад | ||
| RLSA-2024:3827 Moderate: buildah security and bug fix update | почти 2 года назад | ||
| RLSA-2024:3826 Moderate: podman security and bug fix update | почти 2 года назад | ||
| ELSA-2024-3827 ELSA-2024-3827: buildah security and bug fix update (MODERATE) | почти 2 года назад |
Уязвимостей на страницу