Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Permalink: https://github.com/advisories/GHSA-6294-6rgp-fr7rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 months ago
Updated: about 2 months ago
Identifiers: GHSA-6294-6rgp-fr7r, CVE-2023-50658
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-50658
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0
- https://github.com/advisories/GHSA-6294-6rgp-fr7r
Blast Radius: 0.0
Affected Packages
go:github.com/dvsekhvalnov/jose2go
Dependent packages: 3,515Dependent repositories: 3,430
Downloads:
Affected Version Ranges: < 1.6.0
Fixed in: 1.6.0
All affected versions: 1.5.0
All unaffected versions: 1.6.0