
Amazon Linux 2 : docker (ALASECS-2025-055)

The version of docker installed on the remote host is prior to 25.0.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2025-055 advisory.

golang-jwt is a Go implementation of JSON Web Tokens. Prior to 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2. (CVE-2025-30204)

Tenable has extracted the preceding description block directly from the tested product security advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version…
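The allocation pattern the advisory describes, next to a bounded way of splitting a compact JWT, as an added Go example that is not golang-jwt's code and not its actual fix; the function names and the Bearer-header handling are assumptions for illustration:

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ErrMalformedToken is returned for any input that is not exactly three
// non-empty, dot-separated segments (header.payload.signature).
var ErrMalformedToken = errors.New("token must have exactly three non-empty segments")

// splitUnbounded is the risky pattern: strings.Split allocates one string
// header (16 bytes on 64-bit) per separator, so an input of n periods costs
// about 16n bytes before any validation has happened.
func splitUnbounded(token string) []string {
	return strings.Split(token, ".")
}

// splitBounded counts separators first (O(n) time, no allocation) and only
// then splits, so a malicious run of periods is rejected without building a
// slice proportional to its length.
func splitBounded(token string) ([]string, error) {
	if strings.Count(token, ".") != 2 {
		return nil, ErrMalformedToken
	}
	parts := strings.SplitN(token, ".", 3) // at most 3 elements
	for _, p := range parts {
		if p == "" {
			return nil, ErrMalformedToken
		}
	}
	return parts, nil
}

// parseAuthorization strips the "Bearer " scheme and applies splitBounded.
// Hypothetical helper: real servers would also cap header length upstream.
func parseAuthorization(header string) ([]string, error) {
	const scheme = "Bearer "
	if !strings.HasPrefix(header, scheme) {
		return nil, errors.New("unsupported authorization scheme")
	}
	return splitBounded(strings.TrimPrefix(header, scheme))
}

func main() {
	// Constructed sample: a valid-looking token and a header of many periods.
	fmt.Println(parseAuthorization("Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiIxIn0.sig"))
	fmt.Println(parseAuthorization("Bearer " + strings.Repeat(".", 100000)))
}
```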
