Количество 31
Количество 31
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
CVE-2025-30204
jwt-go allows excessive memory allocation during header parsing
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ...
SUSE-SU-2026:0659-1
Security update for docker-stable
SUSE-SU-2026:0641-1
Security update for docker-stable
SUSE-SU-2025:1285-1
Security update for etcd
SUSE-SU-2025:02769-1
Security update for amber-cli
RLSA-2025:3411
Important: opentelemetry-collector security update
RLSA-2025:3344
Important: grafana security update
GHSA-mh63-6h87-95cp
jwt-go allows excessive memory allocation during header parsing
ELSA-2025-7967
ELSA-2025-7967: osbuild-composer security update (IMPORTANT)
ELSA-2025-7503
ELSA-2025-7503: osbuild-composer security update (IMPORTANT)
ELSA-2025-7475
ELSA-2025-7475: grafana security update (IMPORTANT)
ELSA-2025-7425
ELSA-2025-7425: osbuild-composer security update (IMPORTANT)
ELSA-2025-7404
ELSA-2025-7404: grafana security update (IMPORTANT)
ELSA-2025-4669
ELSA-2025-4669: osbuild-composer security update (IMPORTANT)
ELSA-2025-3344
ELSA-2025-3344: grafana security update (IMPORTANT)
BDU:2025-08472
Уязвимость функции parse.ParseUnverified() библиотеки для работы с веб-токенами golang-jwt языка программирования Go, позволяющая нарушителю раскрыть защищаемую информацию
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Низкий | 12 месяцев назад |
| CVE-2025-30204 golang-jwt is a Go implementation of JSON Web Tokens. Starting in vers ... | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
 | SUSE-SU-2026:0659-1 Security update for docker-stable | 0% Низкий | около 1 месяца назад | |
| SUSE-SU-2026:0641-1 Security update for docker-stable | 0% Низкий | около 1 месяца назад | |
| SUSE-SU-2025:1285-1 Security update for etcd | 0% Низкий | 12 месяцев назад | |
| SUSE-SU-2025:02769-1 Security update for amber-cli | 0% Низкий | 8 месяцев назад | |
 | RLSA-2025:3411 Important: opentelemetry-collector security update | 0% Низкий | 8 месяцев назад | |
| RLSA-2025:3344 Important: grafana security update | 0% Низкий | 8 месяцев назад | |
| GHSA-mh63-6h87-95cp jwt-go allows excessive memory allocation during header parsing | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
| ELSA-2025-7967 ELSA-2025-7967: osbuild-composer security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-7503 ELSA-2025-7503: osbuild-composer security update (IMPORTANT) | 9 месяцев назад | ||
| ELSA-2025-7475 ELSA-2025-7475: grafana security update (IMPORTANT) | 9 месяцев назад | ||
| ELSA-2025-7425 ELSA-2025-7425: osbuild-composer security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-7404 ELSA-2025-7404: grafana security update (IMPORTANT) | 10 месяцев назад | ||
| ELSA-2025-4669 ELSA-2025-4669: osbuild-composer security update (IMPORTANT) | 11 месяцев назад | ||
| ELSA-2025-3344 ELSA-2025-3344: grafana security update (IMPORTANT) | около 1 года назад | ||
 | BDU:2025-08472 Уязвимость функции parse.ParseUnverified() библиотеки для работы с веб-токенами golang-jwt языка программирования Go, позволяющая нарушителю раскрыть защищаемую информацию | CVSS3: 7.5 | 0% Низкий | около 1 года назад |
Уязвимостей на страницу