CVE-2025-63811

Опубликовано: 12 нояб. 2025

Источник: ubuntu

Приоритет: medium

CVSS3: 7.5

Описание

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
jammy	needs-triage
noble	needs-triage
plucky	ignored	end of life, was needs-triage
questing	needs-triage

Показывать по

Ссылки на источники

https://www.cve.org/CVERecord?id=CVE-2025-63811

7.5 High

CVSS3

Связанные уязвимости

CVE-2025-63811

CVSS3: 7.5

nvd

3 месяца назад

CVE-2025-63811

CVSS3: 7.5

debian

3 месяца назад

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allow ...

GHSA-9mj6-hxhv-w67j

CVSS3: 7.5

github

3 месяца назад

jose2go is vulnerable to a JWT bomb attack through its decode function

7.5 High

CVSS3

CVE-2025-63811

Описание

Пакет golang-github-dvsekhvalnov-jose2go

Ссылки на источники

Связанные уязвимости