Github.Com Dvsekhvalnov Jose2Go vulnerabilities
2 known vulnerabilities affecting github.com/dvsekhvalnov_jose2go.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-63811HIGH≥ 0, < 1.7.02025-11-12
CVE-2025-63811 [HIGH] CWE-400 jose2go is vulnerable to a JWT bomb attack through its decode function
jose2go is vulnerable to a JWT bomb attack through its decode function
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
ghsaosv
CVE-2023-50658MEDIUM≥ 0, < 1.6.02024-02-29
CVE-2023-50658 [MEDIUM] CWE-400 jose2go vulnerable to denial of service via large p2c value
jose2go vulnerable to denial of service via large p2c value
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
ghsaosv