DirectorySecurity Advisories
Sign In
Security Advisories

CGA-g5pv-4q2x-f2mj

Published

Last updated

https://images.chainguard.dev/security/CGA-g5pv-4q2x-f2mj
Package

telegraf-1.28

Latest Update
Fixed
Fixed Version

1.28.5-r1

Aliases
  • GHSA-mhpq-9638-x6pw

Severity

5.3

Medium

CVSS V3

Summary

Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go

Description

An attacker controlled input of a PBES2 encrypted JWE blob can have a very large p2c value that, when decrypted, produces a denial-of-service.

References

Updates


Safe Source for Open Sourceâ„¢
Media KitContact Us
© 2024 Chainguard. All Rights Reserved.
Private PolicyTerms of Use

Product

Chainguard Images