GHSA-6294-6rgp-fr7r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6294-6rgp-fr7r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-6294-6rgp-fr7r/GHSA-6294-6rgp-fr7r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6294-6rgp-fr7r
- Aliases
- Related
- Published
- 2024-02-29T03:33:14Z
- Modified
- 2024-07-05T21:33:55Z
- Summary
- jose2go vulnerable to denial of service via large p2c value
- Details
-
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
- Database specific
{ "nvd_published_at": "2024-02-29T01:42:01Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-03-01T16:56:03Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-50658
- https://github.com/dvsekhvalnov/jose2go/issues/31
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
- https://github.com/dvsekhvalnov/jose2go
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0
- https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695
Affected packages
Go / github.com/dvsekhvalnov/jose2go
Package
- Name
- github.com/dvsekhvalnov/jose2go
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/dvsekhvalnov/jose2go