Browse all 3 CVE security advisories affecting lestrrat-go. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Lestrrat-go is a Go library for handling MIME structures and email parsing, commonly used in email processing applications. Historically, it has been susceptible to remote code execution vulnerabilities due to unsafe parsing of complex MIME structures and cross-site scripting flaws through improper input sanitization. The library has also faced privilege escalation issues in certain configurations. While no major public security incidents have been documented, the three CVEs recorded highlight risks in input validation and memory handling. Developers should implement strict input validation and consider sandboxing when processing untrusted email content to mitigate potential exploitation vectors.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-28122 | JWX vulnerable to a denial of service attack using compressed JWE message — jwxCWE-400 | 6.8 | Medium | 2024-03-09 |
| CVE-2024-21664 | Parsing JSON serialized payload without protected field can lead to segfault — jwxCWE-476 | 4.3 | Medium | 2024-01-09 |
| CVE-2023-49290 | Malicious parameters can cause a denial of service in lestrrat-go/jwx — jwxCWE-400 | 5.3 | Medium | 2023-12-04 |
This page lists every published CVE security advisory associated with lestrrat-go. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.