Vulnerability Information
Vulnerability Title
Parsing JSON serialized payload without protected field can lead to segfault
Vulnerability Description
jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON-serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash (DoS) a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.
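A pre-parse guard for services that cannot upgrade yet, as an added example that is not part of the advisory or of jwx itself: it rejects JWS JSON input where `signature` is present and `protected` is absent before the input reaches `jws.Parse`. `CheckJWSJSON`, `ErrMissingProtected` and the sample input are constructed for this example; checking the general `signatures` array as well as the flattened form goes beyond the case the description states, and the check is stricter than RFC 7515, which allows a signature that carries only an unprotected header.

```go
package main

import (
	"bytes"
	"encoding/json"
	"errors"
	"fmt"
)

// ErrMissingProtected: a signature is present but its protected header is absent.
var ErrMissingProtected = errors.New("jws: signature without protected header")

// Pointers distinguish an absent (or null) member from an empty string.
type sigEntry struct {
	Protected *string `json:"protected"`
	Signature *string `json:"signature"`
}

type jwsJSON struct {
	Protected  *string    `json:"protected"`  // flattened form
	Signature  *string    `json:"signature"`  // flattened form
	Signatures []sigEntry `json:"signatures"` // general form
}

// CheckJWSJSON (hypothetical helper) returns ErrMissingProtected for the
// shape named in the advisory. Compact serialization is not JSON and is
// passed through unchecked.
func CheckJWSJSON(buf []byte) error {
	if !bytes.HasPrefix(bytes.TrimSpace(buf), []byte("{")) {
		return nil
	}
	var msg jwsJSON
	if err := json.Unmarshal(buf, &msg); err != nil {
		return fmt.Errorf("jws: malformed JSON serialization: %w", err)
	}
	flat := sigEntry{Protected: msg.Protected, Signature: msg.Signature}
	for _, e := range append([]sigEntry{flat}, msg.Signatures...) {
		if e.Signature != nil && e.Protected == nil {
			return ErrMissingProtected
		}
	}
	return nil
}

func main() {
	// Constructed sample: "signature" present, "protected" absent.
	fmt.Println(CheckJWSJSON([]byte(`{"payload":"e30","signature":"c2ln"}`)))
}
```

Call the guard on untrusted input ahead of `jws.Parse` and treat any non-nil error as a rejected token; remove it once the service runs 2.0.19 or 1.2.28.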
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
Vulnerability Type
NULL Pointer Dereference
Vulnerability Title
lestrrat-go jwx code issue vulnerability
Vulnerability Description
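lestrrat-go jwx is a library by the individual developer lestrrat-go. lestrrat-go jwx 2.0.18 and earlier versions contain a code issue vulnerability, which stems from a null pointer dereference.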
CVSS Information
N/A
Vulnerability Type
N/A