GO-2024-3250

See a problem?
Please try reporting it to the source first.

Source

https://pkg.go.dev/vuln/GO-2024-3250

Import Source

https://vuln.go.dev/ID/GO-2024-3250.json

JSON Data

https://api.test.osv.dev/v1/vulns/GO-2024-3250

Aliases

Published

2024-11-12T13:55:08Z

Modified

2024-11-12T14:50:10Z

Summary

Improper error handling in ParseWithClaims and bad documentation may cause dangerous situations in github.com/golang-jwt/jwt

Details

Improper error handling in ParseWithClaims and bad documentation may cause dangerous situations in github.com/golang-jwt/jwt

Database specific

{
    "url": "https://pkg.go.dev/vuln/GO-2024-3250",
    "review_status": "REVIEWED"
}

References

Affected packages

Go / github.com/golang-jwt/jwt/v4

Package

Name: github.com/golang-jwt/jwt/v4; View open source insights on deps.dev
Purl: pkg:golang/github.com/golang-jwt/jwt/v4

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/golang-jwt/jwt/v4",
            "symbols": [
                "Parse",
                "ParseWithClaims",
                "Parser.Parse",
                "Parser.ParseWithClaims"
            ]
        }
    ]
}