VulnerableCode Package Details - pkg:rpm/redhat/multicluster-engine-placement@container-v2.6?arch=8-15

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/multicluster-engine-placement@container-v2.6?arch=8-15

purl	pkg:rpm/redhat/multicluster-engine-placement@container-v2.6?arch=8-15

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-s5gr-zsbz-xkbe Aliases: CVE-2025-30204 GHSA-mh63-6h87-95cp	jwt-go allows excessive memory allocation during header parsing ### Summary Function [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) currently splits (via a call to [strings.Split](https://pkg.go.dev/strings#Split)) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose _Authorization_ header consists of `Bearer ` followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. Relevant weakness: [CWE-405: Asymmetric Resource Consumption (Amplification)](https://cwe.mitre.org/data/definitions/405.html) ### Details See [`parse.ParseUnverified`](https://github.com/golang-jwt/jwt/blob/c035977d9e11c351f4c05dfeae193923cbab49ee/parser.go#L138-L139) ### Impact Excessive memory allocation	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:41:43.279203+00:00	RedHat Importer	Affected by	VCID-s5gr-zsbz-xkbe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-30204.json	38.0.0