.avif)
View all vulnerabilities
CVE-2024-28180
Decompression bomb vulnerability in github.com/go-jose/go-jose
Description
An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti.
Patch Available
Fix available through Seal Security. No upgrade required, protect your application instantly.
Fix without upgradingVulnerability Details
Score
Score Vector
Affected Versions
github.com/go-jose/go-jose/v4 < 4.0.1; github.com/go-jose/go-jose/v3 < 3.0.3; gopkg.in/go-jose/go-jose.v2 < 2.6.3
Severity
Ecosystem
GO
Publish Date
March 15, 2024
Modified Date
October 22, 2024