Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_6
Type rpm
Namespace redhat
Name opentelemetry-collector
Version 0.107.0-8
Qualifiers
arch el9_6
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-chwd-qyet-4qbz
vulnerability_id VCID-chwd-qyet-4qbz
summary
Memory Exhaustion in Expr Parser with Unrestricted Input
### Impact
If the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser builds a huge AST. This can ultimately lead to **excessive memory usage** and an **Out-Of-Memory (OOM) crash** of the process. This issue is relatively uncommon and will only manifest when there are **no restrictions on the input size**, i.e. the expression length is allowed to grow arbitrarily large. In typical use cases where inputs are bounded or validated, this problem would not occur.

### Patches

The problem has been **patched** in the latest versions of the Expr library. The fix introduces compile-time limits on the number of AST nodes and memory usage during parsing, preventing any single expression from exhausting resources. Users should upgrade to **Expr version 1.17.0 or later**, as this release includes the new node budget and memory limit safeguards. Upgrading to v1.17.0 ensures that extremely deep or large expressions are detected and safely aborted during compilation, avoiding the OOM condition.

### Workarounds

For users who cannot immediately upgrade, the recommended workaround is to **impose an input size restriction before parsing**. In practice, this means validating or limiting the length of expression strings that your application will accept. For example, set a maximum allowable number of characters (or nodes) for any expression and reject or truncate inputs that exceed this limit. By ensuring no unbounded-length expression is ever fed into the parser, you can prevent the parser from constructing a pathologically large AST and avoid potential memory exhaustion. In short, **pre-validate and cap input size** as a safeguard in the absence of the patch.

### References

- #762
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29786.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-29786.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-29786
reference_id
reference_type
scores
0
value 0.00101
scoring_system epss
scoring_elements 0.27755
published_at 2026-04-21T12:55:00Z
1
value 0.00101
scoring_system epss
scoring_elements 0.27798
published_at 2026-04-18T12:55:00Z
2
value 0.00101
scoring_system epss
scoring_elements 0.2782
published_at 2026-04-16T12:55:00Z
3
value 0.00101
scoring_system epss
scoring_elements 0.27813
published_at 2026-04-13T12:55:00Z
4
value 0.00101
scoring_system epss
scoring_elements 0.27872
published_at 2026-04-12T12:55:00Z
5
value 0.00101
scoring_system epss
scoring_elements 0.27914
published_at 2026-04-11T12:55:00Z
6
value 0.00101
scoring_system epss
scoring_elements 0.27913
published_at 2026-04-09T12:55:00Z
7
value 0.00101
scoring_system epss
scoring_elements 0.27871
published_at 2026-04-08T12:55:00Z
8
value 0.00101
scoring_system epss
scoring_elements 0.27804
published_at 2026-04-07T12:55:00Z
9
value 0.00101
scoring_system epss
scoring_elements 0.27971
published_at 2026-04-02T12:55:00Z
10
value 0.00101
scoring_system epss
scoring_elements 0.28012
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-29786
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/expr-lang/expr
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/expr-lang/expr
5
reference_url https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/
url https://github.com/expr-lang/expr/commit/0d19441454426d2f58edb22c31f3ba5f99c7a26e
6
reference_url https://github.com/expr-lang/expr/pull/762
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/
url https://github.com/expr-lang/expr/pull/762
7
reference_url https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-17T13:29:22Z/
url https://github.com/expr-lang/expr/security/advisories/GHSA-93mq-9ffx-83m2
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-29786
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-29786
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103788
reference_id 1103788
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103788
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2352914
reference_id 2352914
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2352914
11
reference_url https://access.redhat.com/errata/RHSA-2025:3335
reference_id RHSA-2025:3335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3335
12
reference_url https://access.redhat.com/errata/RHSA-2025:3593
reference_id RHSA-2025:3593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3593
13
reference_url https://access.redhat.com/errata/RHSA-2025:3740
reference_id RHSA-2025:3740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3740
14
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
15
reference_url https://access.redhat.com/errata/RHSA-2025:3993
reference_id RHSA-2025:3993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3993
16
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
17
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
18
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
fixed_packages
aliases CVE-2025-29786, GHSA-93mq-9ffx-83m2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-chwd-qyet-4qbz
1
url VCID-nrrp-y243-bfa1
vulnerability_id VCID-nrrp-y243-bfa1
summary
golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability
An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22868.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-22868.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-22868
reference_id
reference_type
scores
0
value 0.00112
scoring_system epss
scoring_elements 0.29785
published_at 2026-04-02T12:55:00Z
1
value 0.00112
scoring_system epss
scoring_elements 0.29832
published_at 2026-04-04T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35503
published_at 2026-04-09T12:55:00Z
3
value 0.00153
scoring_system epss
scoring_elements 0.36009
published_at 2026-04-11T12:55:00Z
4
value 0.00153
scoring_system epss
scoring_elements 0.3592
published_at 2026-04-21T12:55:00Z
5
value 0.00153
scoring_system epss
scoring_elements 0.35945
published_at 2026-04-13T12:55:00Z
6
value 0.00153
scoring_system epss
scoring_elements 0.35971
published_at 2026-04-12T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37854
published_at 2026-04-07T12:55:00Z
8
value 0.00167
scoring_system epss
scoring_elements 0.37904
published_at 2026-04-08T12:55:00Z
9
value 0.00169
scoring_system epss
scoring_elements 0.38187
published_at 2026-04-16T12:55:00Z
10
value 0.00169
scoring_system epss
scoring_elements 0.38169
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-22868
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://go.dev/cl/652155
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/
url https://go.dev/cl/652155
5
reference_url https://go.dev/issue/71490
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/
url https://go.dev/issue/71490
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-22868
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-22868
7
reference_url https://pkg.go.dev/vuln/GO-2025-3488
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:45:27Z/
url https://pkg.go.dev/vuln/GO-2025-3488
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098967
reference_id 1098967
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098967
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2348366
reference_id 2348366
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2348366
10
reference_url https://access.redhat.com/errata/RHSA-2024:11037
reference_id RHSA-2024:11037
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11037
11
reference_url https://access.redhat.com/errata/RHSA-2024:11038
reference_id RHSA-2024:11038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11038
12
reference_url https://access.redhat.com/errata/RHSA-2025:10294
reference_id RHSA-2025:10294
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10294
13
reference_url https://access.redhat.com/errata/RHSA-2025:10781
reference_id RHSA-2025:10781
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:10781
14
reference_url https://access.redhat.com/errata/RHSA-2025:11351
reference_id RHSA-2025:11351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11351
15
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
16
reference_url https://access.redhat.com/errata/RHSA-2025:11669
reference_id RHSA-2025:11669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11669
17
reference_url https://access.redhat.com/errata/RHSA-2025:11749
reference_id RHSA-2025:11749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11749
18
reference_url https://access.redhat.com/errata/RHSA-2025:11830
reference_id RHSA-2025:11830
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11830
19
reference_url https://access.redhat.com/errata/RHSA-2025:11889
reference_id RHSA-2025:11889
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11889
20
reference_url https://access.redhat.com/errata/RHSA-2025:12323
reference_id RHSA-2025:12323
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:12323
21
reference_url https://access.redhat.com/errata/RHSA-2025:15673
reference_id RHSA-2025:15673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15673
22
reference_url https://access.redhat.com/errata/RHSA-2025:17671
reference_id RHSA-2025:17671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17671
23
reference_url https://access.redhat.com/errata/RHSA-2025:23057
reference_id RHSA-2025:23057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23057
24
reference_url https://access.redhat.com/errata/RHSA-2025:23078
reference_id RHSA-2025:23078
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23078
25
reference_url https://access.redhat.com/errata/RHSA-2025:23079
reference_id RHSA-2025:23079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23079
26
reference_url https://access.redhat.com/errata/RHSA-2025:23080
reference_id RHSA-2025:23080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23080
27
reference_url https://access.redhat.com/errata/RHSA-2025:23202
reference_id RHSA-2025:23202
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23202
28
reference_url https://access.redhat.com/errata/RHSA-2025:23204
reference_id RHSA-2025:23204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23204
29
reference_url https://access.redhat.com/errata/RHSA-2025:23205
reference_id RHSA-2025:23205
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23205
30
reference_url https://access.redhat.com/errata/RHSA-2025:23209
reference_id RHSA-2025:23209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23209
31
reference_url https://access.redhat.com/errata/RHSA-2025:23449
reference_id RHSA-2025:23449
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23449
32
reference_url https://access.redhat.com/errata/RHSA-2025:23534
reference_id RHSA-2025:23534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23534
33
reference_url https://access.redhat.com/errata/RHSA-2025:23535
reference_id RHSA-2025:23535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23535
34
reference_url https://access.redhat.com/errata/RHSA-2025:2526
reference_id RHSA-2025:2526
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2526
35
reference_url https://access.redhat.com/errata/RHSA-2025:2567
reference_id RHSA-2025:2567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:2567
36
reference_url https://access.redhat.com/errata/RHSA-2025:3051
reference_id RHSA-2025:3051
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3051
37
reference_url https://access.redhat.com/errata/RHSA-2025:3053
reference_id RHSA-2025:3053
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3053
38
reference_url https://access.redhat.com/errata/RHSA-2025:3172
reference_id RHSA-2025:3172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3172
39
reference_url https://access.redhat.com/errata/RHSA-2025:3335
reference_id RHSA-2025:3335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3335
40
reference_url https://access.redhat.com/errata/RHSA-2025:3437
reference_id RHSA-2025:3437
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3437
41
reference_url https://access.redhat.com/errata/RHSA-2025:3439
reference_id RHSA-2025:3439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3439
42
reference_url https://access.redhat.com/errata/RHSA-2025:3498
reference_id RHSA-2025:3498
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3498
43
reference_url https://access.redhat.com/errata/RHSA-2025:3501
reference_id RHSA-2025:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3501
44
reference_url https://access.redhat.com/errata/RHSA-2025:3503
reference_id RHSA-2025:3503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3503
45
reference_url https://access.redhat.com/errata/RHSA-2025:3593
reference_id RHSA-2025:3593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3593
46
reference_url https://access.redhat.com/errata/RHSA-2025:3720
reference_id RHSA-2025:3720
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3720
47
reference_url https://access.redhat.com/errata/RHSA-2025:3740
reference_id RHSA-2025:3740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3740
48
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
49
reference_url https://access.redhat.com/errata/RHSA-2025:3790
reference_id RHSA-2025:3790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3790
50
reference_url https://access.redhat.com/errata/RHSA-2025:3808
reference_id RHSA-2025:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3808
51
reference_url https://access.redhat.com/errata/RHSA-2025:3811
reference_id RHSA-2025:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3811
52
reference_url https://access.redhat.com/errata/RHSA-2025:3813
reference_id RHSA-2025:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3813
53
reference_url https://access.redhat.com/errata/RHSA-2025:3814
reference_id RHSA-2025:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3814
54
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
55
reference_url https://access.redhat.com/errata/RHSA-2025:3863
reference_id RHSA-2025:3863
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3863
56
reference_url https://access.redhat.com/errata/RHSA-2025:3886
reference_id RHSA-2025:3886
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3886
57
reference_url https://access.redhat.com/errata/RHSA-2025:3932
reference_id RHSA-2025:3932
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3932
58
reference_url https://access.redhat.com/errata/RHSA-2025:3959
reference_id RHSA-2025:3959
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3959
59
reference_url https://access.redhat.com/errata/RHSA-2025:3987
reference_id RHSA-2025:3987
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3987
60
reference_url https://access.redhat.com/errata/RHSA-2025:4002
reference_id RHSA-2025:4002
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4002
61
reference_url https://access.redhat.com/errata/RHSA-2025:4250
reference_id RHSA-2025:4250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4250
62
reference_url https://access.redhat.com/errata/RHSA-2025:4473
reference_id RHSA-2025:4473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4473
63
reference_url https://access.redhat.com/errata/RHSA-2025:4605
reference_id RHSA-2025:4605
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4605
64
reference_url https://access.redhat.com/errata/RHSA-2025:4666
reference_id RHSA-2025:4666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4666
65
reference_url https://access.redhat.com/errata/RHSA-2025:4810
reference_id RHSA-2025:4810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4810
66
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
67
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
68
reference_url https://access.redhat.com/errata/RHSA-2025:7616
reference_id RHSA-2025:7616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7616
69
reference_url https://access.redhat.com/errata/RHSA-2025:8284
reference_id RHSA-2025:8284
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8284
70
reference_url https://access.redhat.com/errata/RHSA-2025:8299
reference_id RHSA-2025:8299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8299
71
reference_url https://access.redhat.com/errata/RHSA-2025:8390
reference_id RHSA-2025:8390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8390
72
reference_url https://access.redhat.com/errata/RHSA-2025:8510
reference_id RHSA-2025:8510
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8510
73
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
74
reference_url https://access.redhat.com/errata/RHSA-2025:9541
reference_id RHSA-2025:9541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9541
75
reference_url https://access.redhat.com/errata/RHSA-2025:9646
reference_id RHSA-2025:9646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9646
76
reference_url https://access.redhat.com/errata/RHSA-2025:9759
reference_id RHSA-2025:9759
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9759
77
reference_url https://access.redhat.com/errata/RHSA-2026:2164
reference_id RHSA-2026:2164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2164
78
reference_url https://access.redhat.com/errata/RHSA-2026:2172
reference_id RHSA-2026:2172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2172
79
reference_url https://access.redhat.com/errata/RHSA-2026:3406
reference_id RHSA-2026:3406
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3406
80
reference_url https://access.redhat.com/errata/RHSA-2026:3461
reference_id RHSA-2026:3461
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3461
81
reference_url https://access.redhat.com/errata/RHSA-2026:3462
reference_id RHSA-2026:3462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3462
82
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
fixed_packages
aliases CVE-2025-22868, GHSA-6v2p-p543-phr9
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nrrp-y243-bfa1
2
url VCID-rbtx-222u-zudf
vulnerability_id VCID-rbtx-222u-zudf
summary
DoS in go-jose Parsing
### Impact
When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

### Patches
Version 4.0.5 fixes this issue.

### Workarounds
Applications could pre-validate that payloads passed to go-jose do not contain an excessive number of '.' characters.

### References
This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23266
published_at 2026-04-02T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.29369
published_at 2026-04-04T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.2953
published_at 2026-04-21T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29574
published_at 2026-04-18T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-08T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29673
published_at 2026-04-09T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29676
published_at 2026-04-11T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29632
published_at 2026-04-12T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29581
published_at 2026-04-13T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.296
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-jose/go-jose
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-jose/go-jose
4
reference_url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
5
reference_url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
6
reference_url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
7
reference_url https://github.com/golang/go/issues/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/71490
8
reference_url https://go.dev/issue/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/71490
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
reference_id 1098908
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
reference_id 2347423
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
12
reference_url https://access.redhat.com/errata/RHSA-2024:11038
reference_id RHSA-2024:11038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11038
13
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
14
reference_url https://access.redhat.com/errata/RHSA-2025:19566
reference_id RHSA-2025:19566
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19566
15
reference_url https://access.redhat.com/errata/RHSA-2025:19594
reference_id RHSA-2025:19594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19594
16
reference_url https://access.redhat.com/errata/RHSA-2025:22014
reference_id RHSA-2025:22014
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22014
17
reference_url https://access.redhat.com/errata/RHSA-2025:3059
reference_id RHSA-2025:3059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3059
18
reference_url https://access.redhat.com/errata/RHSA-2025:3061
reference_id RHSA-2025:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3061
19
reference_url https://access.redhat.com/errata/RHSA-2025:3066
reference_id RHSA-2025:3066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3066
20
reference_url https://access.redhat.com/errata/RHSA-2025:3068
reference_id RHSA-2025:3068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3068
21
reference_url https://access.redhat.com/errata/RHSA-2025:3131
reference_id RHSA-2025:3131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3131
22
reference_url https://access.redhat.com/errata/RHSA-2025:3132
reference_id RHSA-2025:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3132
23
reference_url https://access.redhat.com/errata/RHSA-2025:3335
reference_id RHSA-2025:3335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3335
24
reference_url https://access.redhat.com/errata/RHSA-2025:3438
reference_id RHSA-2025:3438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3438
25
reference_url https://access.redhat.com/errata/RHSA-2025:3439
reference_id RHSA-2025:3439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3439
26
reference_url https://access.redhat.com/errata/RHSA-2025:3501
reference_id RHSA-2025:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3501
27
reference_url https://access.redhat.com/errata/RHSA-2025:3593
reference_id RHSA-2025:3593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3593
28
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
29
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
30
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
31
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
32
reference_url https://access.redhat.com/errata/RHSA-2025:4427
reference_id RHSA-2025:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4427
33
reference_url https://access.redhat.com/errata/RHSA-2025:4712
reference_id RHSA-2025:4712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4712
34
reference_url https://access.redhat.com/errata/RHSA-2025:7389
reference_id RHSA-2025:7389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7389
35
reference_url https://access.redhat.com/errata/RHSA-2025:7391
reference_id RHSA-2025:7391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7391
36
reference_url https://access.redhat.com/errata/RHSA-2025:7397
reference_id RHSA-2025:7397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7397
37
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
38
reference_url https://access.redhat.com/errata/RHSA-2025:7459
reference_id RHSA-2025:7459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7459
39
reference_url https://access.redhat.com/errata/RHSA-2025:7462
reference_id RHSA-2025:7462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7462
40
reference_url https://access.redhat.com/errata/RHSA-2025:7467
reference_id RHSA-2025:7467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7467
41
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
42
reference_url https://access.redhat.com/errata/RHSA-2025:7669
reference_id RHSA-2025:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7669
43
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
44
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
fixed_packages
aliases CVE-2025-27144, GHSA-c6gw-w398-hv78
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtx-222u-zudf
3
url VCID-s5gr-zsbz-xkbe
vulnerability_id VCID-s5gr-zsbz-xkbe
summary
jwt-go allows excessive memory allocation during header parsing
### Summary

Function [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods.

As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html)

### Details

See [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) 

### Impact

Excessive memory allocation
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30204
reference_id
reference_type
scores
0
value 0.00102
scoring_system epss
scoring_elements 0.27961
published_at 2026-04-21T12:55:00Z
1
value 0.00102
scoring_system epss
scoring_elements 0.2801
published_at 2026-04-18T12:55:00Z
2
value 0.00102
scoring_system epss
scoring_elements 0.28027
published_at 2026-04-16T12:55:00Z
3
value 0.00102
scoring_system epss
scoring_elements 0.28018
published_at 2026-04-13T12:55:00Z
4
value 0.00102
scoring_system epss
scoring_elements 0.28075
published_at 2026-04-12T12:55:00Z
5
value 0.00102
scoring_system epss
scoring_elements 0.28002
published_at 2026-04-07T12:55:00Z
6
value 0.00102
scoring_system epss
scoring_elements 0.28163
published_at 2026-04-02T12:55:00Z
7
value 0.00102
scoring_system epss
scoring_elements 0.28206
published_at 2026-04-04T12:55:00Z
8
value 0.00102
scoring_system epss
scoring_elements 0.28118
published_at 2026-04-11T12:55:00Z
9
value 0.00102
scoring_system epss
scoring_elements 0.28069
published_at 2026-04-08T12:55:00Z
10
value 0.00102
scoring_system epss
scoring_elements 0.28111
published_at 2026-04-09T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30204
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/golang-jwt/jwt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/golang-jwt/jwt
4
reference_url https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3
5
reference_url https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb
6
reference_url https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-24T14:10:18Z/
url https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30204
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30204
8
reference_url https://security.netapp.com/advisory/ntap-20250404-0002
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250404-0002
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2354195
reference_id 2354195
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2354195
10
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
11
reference_url https://access.redhat.com/errata/RHSA-2025:11573
reference_id RHSA-2025:11573
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11573
12
reference_url https://access.redhat.com/errata/RHSA-2025:11669
reference_id RHSA-2025:11669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11669
13
reference_url https://access.redhat.com/errata/RHSA-2025:11749
reference_id RHSA-2025:11749
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11749
14
reference_url https://access.redhat.com/errata/RHSA-2025:13900
reference_id RHSA-2025:13900
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:13900
15
reference_url https://access.redhat.com/errata/RHSA-2025:14048
reference_id RHSA-2025:14048
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14048
16
reference_url https://access.redhat.com/errata/RHSA-2025:14855
reference_id RHSA-2025:14855
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:14855
17
reference_url https://access.redhat.com/errata/RHSA-2025:15332
reference_id RHSA-2025:15332
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15332
18
reference_url https://access.redhat.com/errata/RHSA-2025:15673
reference_id RHSA-2025:15673
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15673
19
reference_url https://access.redhat.com/errata/RHSA-2025:15872
reference_id RHSA-2025:15872
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:15872
20
reference_url https://access.redhat.com/errata/RHSA-2025:16101
reference_id RHSA-2025:16101
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16101
21
reference_url https://access.redhat.com/errata/RHSA-2025:16595
reference_id RHSA-2025:16595
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:16595
22
reference_url https://access.redhat.com/errata/RHSA-2025:17671
reference_id RHSA-2025:17671
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17671
23
reference_url https://access.redhat.com/errata/RHSA-2025:18241
reference_id RHSA-2025:18241
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18241
24
reference_url https://access.redhat.com/errata/RHSA-2025:18242
reference_id RHSA-2025:18242
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:18242
25
reference_url https://access.redhat.com/errata/RHSA-2025:23057
reference_id RHSA-2025:23057
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23057
26
reference_url https://access.redhat.com/errata/RHSA-2025:23534
reference_id RHSA-2025:23534
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23534
27
reference_url https://access.redhat.com/errata/RHSA-2025:23535
reference_id RHSA-2025:23535
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23535
28
reference_url https://access.redhat.com/errata/RHSA-2025:23916
reference_id RHSA-2025:23916
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:23916
29
reference_url https://access.redhat.com/errata/RHSA-2025:3344
reference_id RHSA-2025:3344
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3344
30
reference_url https://access.redhat.com/errata/RHSA-2025:3411
reference_id RHSA-2025:3411
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3411
31
reference_url https://access.redhat.com/errata/RHSA-2025:3503
reference_id RHSA-2025:3503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3503
32
reference_url https://access.redhat.com/errata/RHSA-2025:3565
reference_id RHSA-2025:3565
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3565
33
reference_url https://access.redhat.com/errata/RHSA-2025:3569
reference_id RHSA-2025:3569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3569
34
reference_url https://access.redhat.com/errata/RHSA-2025:3607
reference_id RHSA-2025:3607
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3607
35
reference_url https://access.redhat.com/errata/RHSA-2025:3616
reference_id RHSA-2025:3616
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3616
36
reference_url https://access.redhat.com/errata/RHSA-2025:3618
reference_id RHSA-2025:3618
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3618
37
reference_url https://access.redhat.com/errata/RHSA-2025:3698
reference_id RHSA-2025:3698
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3698
38
reference_url https://access.redhat.com/errata/RHSA-2025:3740
reference_id RHSA-2025:3740
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3740
39
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
40
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
41
reference_url https://access.redhat.com/errata/RHSA-2025:3790
reference_id RHSA-2025:3790
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3790
42
reference_url https://access.redhat.com/errata/RHSA-2025:3808
reference_id RHSA-2025:3808
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3808
43
reference_url https://access.redhat.com/errata/RHSA-2025:3811
reference_id RHSA-2025:3811
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3811
44
reference_url https://access.redhat.com/errata/RHSA-2025:3813
reference_id RHSA-2025:3813
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3813
45
reference_url https://access.redhat.com/errata/RHSA-2025:3814
reference_id RHSA-2025:3814
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3814
46
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
47
reference_url https://access.redhat.com/errata/RHSA-2025:3905
reference_id RHSA-2025:3905
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3905
48
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
49
reference_url https://access.redhat.com/errata/RHSA-2025:3907
reference_id RHSA-2025:3907
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3907
50
reference_url https://access.redhat.com/errata/RHSA-2025:3928
reference_id RHSA-2025:3928
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3928
51
reference_url https://access.redhat.com/errata/RHSA-2025:3929
reference_id RHSA-2025:3929
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3929
52
reference_url https://access.redhat.com/errata/RHSA-2025:3930
reference_id RHSA-2025:3930
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3930
53
reference_url https://access.redhat.com/errata/RHSA-2025:3993
reference_id RHSA-2025:3993
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3993
54
reference_url https://access.redhat.com/errata/RHSA-2025:4008
reference_id RHSA-2025:4008
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4008
55
reference_url https://access.redhat.com/errata/RHSA-2025:4012
reference_id RHSA-2025:4012
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4012
56
reference_url https://access.redhat.com/errata/RHSA-2025:4019
reference_id RHSA-2025:4019
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4019
57
reference_url https://access.redhat.com/errata/RHSA-2025:4171
reference_id RHSA-2025:4171
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4171
58
reference_url https://access.redhat.com/errata/RHSA-2025:4177
reference_id RHSA-2025:4177
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4177
59
reference_url https://access.redhat.com/errata/RHSA-2025:4188
reference_id RHSA-2025:4188
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4188
60
reference_url https://access.redhat.com/errata/RHSA-2025:4204
reference_id RHSA-2025:4204
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4204
61
reference_url https://access.redhat.com/errata/RHSA-2025:4250
reference_id RHSA-2025:4250
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4250
62
reference_url https://access.redhat.com/errata/RHSA-2025:4409
reference_id RHSA-2025:4409
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4409
63
reference_url https://access.redhat.com/errata/RHSA-2025:4422
reference_id RHSA-2025:4422
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4422
64
reference_url https://access.redhat.com/errata/RHSA-2025:4462
reference_id RHSA-2025:4462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4462
65
reference_url https://access.redhat.com/errata/RHSA-2025:4473
reference_id RHSA-2025:4473
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4473
66
reference_url https://access.redhat.com/errata/RHSA-2025:4502
reference_id RHSA-2025:4502
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4502
67
reference_url https://access.redhat.com/errata/RHSA-2025:4569
reference_id RHSA-2025:4569
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4569
68
reference_url https://access.redhat.com/errata/RHSA-2025:4666
reference_id RHSA-2025:4666
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4666
69
reference_url https://access.redhat.com/errata/RHSA-2025:4669
reference_id RHSA-2025:4669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4669
70
reference_url https://access.redhat.com/errata/RHSA-2025:4677
reference_id RHSA-2025:4677
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4677
71
reference_url https://access.redhat.com/errata/RHSA-2025:4810
reference_id RHSA-2025:4810
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4810
72
reference_url https://access.redhat.com/errata/RHSA-2025:7404
reference_id RHSA-2025:7404
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7404
73
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
74
reference_url https://access.redhat.com/errata/RHSA-2025:7425
reference_id RHSA-2025:7425
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7425
75
reference_url https://access.redhat.com/errata/RHSA-2025:7475
reference_id RHSA-2025:7475
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7475
76
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
77
reference_url https://access.redhat.com/errata/RHSA-2025:7503
reference_id RHSA-2025:7503
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7503
78
reference_url https://access.redhat.com/errata/RHSA-2025:7702
reference_id RHSA-2025:7702
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7702
79
reference_url https://access.redhat.com/errata/RHSA-2025:7967
reference_id RHSA-2025:7967
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7967
80
reference_url https://access.redhat.com/errata/RHSA-2025:8075
reference_id RHSA-2025:8075
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8075
81
reference_url https://access.redhat.com/errata/RHSA-2025:8244
reference_id RHSA-2025:8244
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8244
82
reference_url https://access.redhat.com/errata/RHSA-2025:8267
reference_id RHSA-2025:8267
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8267
83
reference_url https://access.redhat.com/errata/RHSA-2025:8384
reference_id RHSA-2025:8384
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8384
84
reference_url https://access.redhat.com/errata/RHSA-2025:8390
reference_id RHSA-2025:8390
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8390
85
reference_url https://access.redhat.com/errata/RHSA-2025:8392
reference_id RHSA-2025:8392
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8392
86
reference_url https://access.redhat.com/errata/RHSA-2025:8510
reference_id RHSA-2025:8510
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8510
87
reference_url https://access.redhat.com/errata/RHSA-2025:8542
reference_id RHSA-2025:8542
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8542
88
reference_url https://access.redhat.com/errata/RHSA-2025:8552
reference_id RHSA-2025:8552
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8552
89
reference_url https://access.redhat.com/errata/RHSA-2025:8560
reference_id RHSA-2025:8560
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8560
90
reference_url https://access.redhat.com/errata/RHSA-2025:8691
reference_id RHSA-2025:8691
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:8691
91
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
92
reference_url https://access.redhat.com/errata/RHSA-2025:9259
reference_id RHSA-2025:9259
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9259
93
reference_url https://access.redhat.com/errata/RHSA-2025:9388
reference_id RHSA-2025:9388
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9388
94
reference_url https://access.redhat.com/errata/RHSA-2025:9541
reference_id RHSA-2025:9541
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9541
95
reference_url https://access.redhat.com/errata/RHSA-2025:9646
reference_id RHSA-2025:9646
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9646
96
reference_url https://access.redhat.com/errata/RHSA-2026:2155
reference_id RHSA-2026:2155
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2155
97
reference_url https://access.redhat.com/errata/RHSA-2026:2164
reference_id RHSA-2026:2164
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2164
98
reference_url https://access.redhat.com/errata/RHSA-2026:2172
reference_id RHSA-2026:2172
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:2172
99
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
fixed_packages
aliases CVE-2025-30204, GHSA-mh63-6h87-95cp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s5gr-zsbz-xkbe
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-8%3Farch=el9_6