Count: 23
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 8 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 8 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Low | 8 months ago |
| CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Low | 7 months ago |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ... | CVSS3: 7.5 | 0% Low | 8 months ago |
| SUSE-SU-2025:1285-1 Security update for etcd | | 0% Low | 7 months ago |
| SUSE-SU-2025:02769-1 Security update for amber-cli | | 0% Low | 3 months ago |
| RLSA-2025:3344 Important: grafana security update | | 0% Low | 3 months ago |
| GHSA-mh63-6h87-95cp jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Low | 8 months ago |
| ELSA-2025-7967 ELSA-2025-7967: osbuild-composer security update (IMPORTANT) | | | 6 months ago |
| ELSA-2025-7503 ELSA-2025-7503: osbuild-composer security update (IMPORTANT) | | | 4 months ago |
| ELSA-2025-7475 ELSA-2025-7475: grafana security update (IMPORTANT) | | | 4 months ago |
| ELSA-2025-7425 ELSA-2025-7425: osbuild-composer security update (IMPORTANT) | | | 6 months ago |
| ELSA-2025-7404 ELSA-2025-7404: grafana security update (IMPORTANT) | | | 6 months ago |
| ELSA-2025-4669 ELSA-2025-4669: osbuild-composer security update (IMPORTANT) | | | 6 months ago |
| ELSA-2025-3344 ELSA-2025-3344: grafana security update (IMPORTANT) | | | 7 months ago |
| BDU:2025-08472 Vulnerability in the parse.ParseUnverified() function of the golang-jwt library for working with web tokens in the Go programming language, allowing an attacker to disclose protected information | CVSS3: 7.5 | 0% Low | 8 months ago |
| ROS-20250822-08 Vulnerability in golang-github-jwt-5 | CVSS3: 7.5 | 0% Low | 2 months ago |
| ROS-20250822-07 Vulnerability in golang-github-jwt-4-devel | CVSS3: 7.5 | 0% Low | 2 months ago |
| ROS-20250630-09 Multiple vulnerabilities in consul | CVSS3: 7.5 | | 4 months ago |