VYPR

Go modules package

github.com/lestrrat-go/jwx

pkg:golang/github.com/lestrrat-go/jwx

Vulnerabilities (3)

  • CVE-2024-28122MedMar 9, 2024
    affected < 1.2.29fixed 1.2.29

    JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exc

  • CVE-2024-21664MedJan 9, 2024
    affected >= 1.0.8, < 1.2.28fixed 1.2.28

    jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability

  • CVE-2023-49290MedDec 5, 2023
    affected < 1.2.27fixed 1.2.27

    lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header