Publish GHSA-6294-6rgp-fr7r

advisory-database[bot] · advisory-database[bot] · commit c06620e8eb05 · 2026-02-03T16:44:57.000Z
diff --git a/advisories/github-reviewed/2024/02/GHSA-6294-6rgp-fr7r/GHSA-6294-6rgp-fr7r.json b/advisories/github-reviewed/2024/02/GHSA-6294-6rgp-fr7r/GHSA-6294-6rgp-fr7r.json
@@ -1,14 +1,19 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-6294-6rgp-fr7r",
-  "modified": "2024-07-05T21:33:55Z",
+  "modified": "2026-02-03T16:43:30Z",
   "published": "2024-02-29T03:33:14Z",
   "aliases": [
     "CVE-2023-50658"
   ],
   "summary": "jose2go vulnerable to denial of service via large p2c value",
   "details": "The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.",
-  "severity": [],
+  "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"
+    }
+  ],
   "affected": [
     {
       "package": {
@@ -51,13 +56,19 @@
       "type": "WEB",
       "url": "https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0"
     },
+    {
+      "type": "WEB",
+      "url": "https://pkg.go.dev/vuln/GO-2023-2409"
+    },
     {
       "type": "WEB",
       "url": "https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695"
     }
   ],
   "database_specific": {
-    "cwe_ids": [],
+    "cwe_ids": [
+      "CWE-400"
+    ],
     "severity": "MODERATE",
     "github_reviewed": true,
     "github_reviewed_at": "2024-03-01T16:56:03Z",
