DescriptionA null pointer dereference vulnerability was found in the jwx/jws Go module. This issue arises when invoking "jws.Parse" with a JSON serialized payload containing a present signature field while the protected field is absentm, which may cause a system crash or initiate a denial of service (DOS) attack during JWS verification.A null pointer dereference vulnerability was found in the jwx/jws Go module. This issue arises when invoking "jws.Parse" with a JSON serialized payload containing a present signature field while the protected field is absentm, which may cause a system crash or initiate a denial of service (DOS) attack during JWS verification.
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.