mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-02-10 06:40:17 +00:00
Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](https://github.com/go-jose/go-jose/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
9 lines
443 B
Markdown
# v3.0.1

Fixed:
 - Security issue: an attacker specifying a large "p2c" value can cause
   JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
   amounts of CPU, causing a DoS. Thanks to Matt Schwager (@mschwager) for the
   disclosure and to Tom Tervoort for originally publishing the category of attack.
   https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf
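A guard against the issue described in this entry, as an added example that is not code from go-jose or GoToSocial: it checks the "p2c" iteration count in the protected header of a compact JWE before the token reaches a decrypt call. The names `checkP2C` and `sampleJWE` and the `maxP2C` cap are assumptions of this example, and it does not cover the JSON serialization handled by DecryptMulti.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// maxP2C is an assumed local policy cap on PBKDF2 iterations (not go-jose's value).
const maxP2C = 1000000

// checkP2C reads the protected header of a compact JWE and refuses PBES2
// tokens whose "p2c" is missing, non-positive or above maxP2C.
func checkP2C(compact string) error {
	parts := strings.Split(compact, ".")
	if len(parts) != 5 {
		return errors.New("not a compact JWE")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return fmt.Errorf("protected header: %w", err)
	}
	var hdr struct {
		Alg string `json:"alg"`
		P2C *int64 `json:"p2c"`
	}
	// Out-of-range or non-integer p2c fails to unmarshal and is rejected here.
	if err := json.Unmarshal(raw, &hdr); err != nil {
		return fmt.Errorf("protected header: %w", err)
	}
	if !strings.HasPrefix(hdr.Alg, "PBES2-") {
		return nil // p2c only applies to PBES2 key wrapping
	}
	if hdr.P2C == nil || *hdr.P2C <= 0 || *hdr.P2C > maxP2C {
		return errors.New("PBES2 p2c outside accepted range")
	}
	return nil
}

// sampleJWE builds a constructed token: real header, placeholder other parts.
func sampleJWE(header string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(header)) + ".a.b.c.d"
}

func main() {
	ok := sampleJWE(`{"alg":"PBES2-HS256+A128KW","enc":"A128GCM","p2c":4096,"p2s":"c2FsdA"}`)
	big := sampleJWE(`{"alg":"PBES2-HS256+A128KW","enc":"A128GCM","p2c":2000000000,"p2s":"c2FsdA"}`)
	fmt.Println(checkP2C(ok), checkP2C(big))
}
```

Services that never issue password-based JWEs can go further and refuse every `PBES2-*` algorithm outright instead of bounding the count.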