Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
Type deb
Namespace debian
Name golang-github-go-jose-go-jose
Version 4.0.5-1
Qualifiers
distro trixie
Subpath
Is_vulnerable true
Next_non_vulnerable_version 4.1.4-1
Latest_non_vulnerable_version 4.1.4-1
Affected_by_vulnerabilities
0
url VCID-r5yf-qtqg-93cs
vulnerability_id VCID-r5yf-qtqg-93cs
summary
Go JOSE Panics in JWE decryption
### Impact

Decrypting a JSON Web Encryption (JWE) object will panic if the `alg` field indicates a key wrapping algorithm ([one ending in `KW`](https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants), with the exception of `A128GCMKW`, `A192GCMKW`, and `A256GCMKW`) and the `encrypted_key` field is empty. The panic happens when `cipher.KeyUnwrap()` in `key_wrap.go` attempts to allocate a slice with a zero or negative length based on the length of the `encrypted_key`.

This code path is reachable from `ParseEncrypted()` / `ParseEncryptedJSON()` / `ParseEncryptedCompact()` followed by `Decrypt()` on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected.

This panic is also reachable by calling `cipher.KeyUnwrap()` directly with any `ciphertext` parameter less than 16 bytes long, but calling this function directly is less common.

Panics can lead to denial of service.

### Fixed In

4.1.4 and v3.0.5

### Workarounds

If the list of `keyAlgorithms` passed to `ParseEncrypted()` / `ParseEncryptedJSON()` / `ParseEncryptedCompact()` does not include key wrapping algorithms (those ending in `KW`), your application is unaffected.

If your application uses key wrapping, you can prevalidate the JWE objects to ensure the `encrypted_key` field is nonempty. If your application accepts JWE Compact Serialization, apply that validation to the corresponding field of that serialization (the data between the first and second `.`).

### Thanks

Go JOSE thanks Datadog's Security team for finding this issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34986.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34986.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-34986
reference_id
reference_type
scores
0
value 0.00015
scoring_system epss
scoring_elements 0.03002
published_at 2026-04-08T12:55:00Z
1
value 0.00015
scoring_system epss
scoring_elements 0.03001
published_at 2026-04-07T12:55:00Z
2
value 0.00015
scoring_system epss
scoring_elements 0.02988
published_at 2026-04-11T12:55:00Z
3
value 0.00015
scoring_system epss
scoring_elements 0.03026
published_at 2026-04-09T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05291
published_at 2026-04-21T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05191
published_at 2026-04-13T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05205
published_at 2026-04-12T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05135
published_at 2026-04-16T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05138
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-34986
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34986
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34986
3
reference_url https://github.com/go-jose/go-jose
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/go-jose/go-jose
4
reference_url https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:21:42Z/
url https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-34986
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-34986
6
reference_url https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-07T14:21:42Z/
url https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2455470
reference_id 2455470
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2455470
8
reference_url https://access.redhat.com/errata/RHSA-2026:8490
reference_id RHSA-2026:8490
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8490
9
reference_url https://access.redhat.com/errata/RHSA-2026:8491
reference_id RHSA-2026:8491
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8491
10
reference_url https://access.redhat.com/errata/RHSA-2026:8493
reference_id RHSA-2026:8493
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:8493
fixed_packages
0
url pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1%3Fdistro=trixie
aliases CVE-2026-34986, GHSA-78h2-9frx-2jm8
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r5yf-qtqg-93cs
Fixing_vulnerabilities
0
url VCID-bq1t-9nnj-mkes
vulnerability_id VCID-bq1t-9nnj-mkes
summary
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
### Impact
An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@zer0yu and @chenjj) for reporting.

### Patches
The problem is fixed in the following packages and versions:
- github.com/go-jose/go-jose/v4 version 4.0.1
- github.com/go-jose/go-jose/v3 version 3.0.3
- gopkg.in/go-jose/go-jose.v2 version 2.6.3

The problem will not be fixed in the following package because the package is archived:
- gopkg.in/square/go-jose.v2
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28180.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-28180.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-28180
reference_id
reference_type
scores
0
value 0.04859
scoring_system epss
scoring_elements 0.89559
published_at 2026-04-21T12:55:00Z
1
value 0.04859
scoring_system epss
scoring_elements 0.89563
published_at 2026-04-18T12:55:00Z
2
value 0.04859
scoring_system epss
scoring_elements 0.89561
published_at 2026-04-16T12:55:00Z
3
value 0.04859
scoring_system epss
scoring_elements 0.89547
published_at 2026-04-13T12:55:00Z
4
value 0.04859
scoring_system epss
scoring_elements 0.89545
published_at 2026-04-09T12:55:00Z
5
value 0.04859
scoring_system epss
scoring_elements 0.89542
published_at 2026-04-08T12:55:00Z
6
value 0.04859
scoring_system epss
scoring_elements 0.89552
published_at 2026-04-12T12:55:00Z
7
value 0.04859
scoring_system epss
scoring_elements 0.89553
published_at 2026-04-11T12:55:00Z
8
value 0.04859
scoring_system epss
scoring_elements 0.89513
published_at 2026-04-02T12:55:00Z
9
value 0.04859
scoring_system epss
scoring_elements 0.89526
published_at 2026-04-07T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-28180
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28180
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/go-jose/go-jose
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-jose/go-jose
5
reference_url https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298
6
reference_url https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a
7
reference_url https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502
8
reference_url https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ
10
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5
13
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY
14
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG
16
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY
17
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH
18
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-28180
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-28180
19
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065814
reference_id 1065814
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065814
20
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2268854
reference_id 2268854
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2268854
21
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
reference_id GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GD2GSBQTBLYADASUBHHZV2CZPTSLIPQJ/
22
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/
reference_id I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/
23
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/
reference_id IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IJ6LAJJ2FTA2JVVOACCV5RZTOIZLXUNJ/
24
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/
reference_id JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JNPMXL36YGS3GQEVI3Q5HKHJ7YAAQXL5/
25
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/
reference_id KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/
26
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/
reference_id MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MSOMHDKRPU3A2JEMRODT2IREDFBLVPGS/
27
reference_url https://access.redhat.com/errata/RHSA-2024:1456
reference_id RHSA-2024:1456
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1456
28
reference_url https://access.redhat.com/errata/RHSA-2024:1570
reference_id RHSA-2024:1570
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1570
29
reference_url https://access.redhat.com/errata/RHSA-2024:1812
reference_id RHSA-2024:1812
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1812
30
reference_url https://access.redhat.com/errata/RHSA-2024:1859
reference_id RHSA-2024:1859
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1859
31
reference_url https://access.redhat.com/errata/RHSA-2024:1946
reference_id RHSA-2024:1946
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:1946
32
reference_url https://access.redhat.com/errata/RHSA-2024:2054
reference_id RHSA-2024:2054
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2054
33
reference_url https://access.redhat.com/errata/RHSA-2024:2071
reference_id RHSA-2024:2071
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2071
34
reference_url https://access.redhat.com/errata/RHSA-2024:2096
reference_id RHSA-2024:2096
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2096
35
reference_url https://access.redhat.com/errata/RHSA-2024:2549
reference_id RHSA-2024:2549
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2549
36
reference_url https://access.redhat.com/errata/RHSA-2024:2639
reference_id RHSA-2024:2639
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2639
37
reference_url https://access.redhat.com/errata/RHSA-2024:2773
reference_id RHSA-2024:2773
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2773
38
reference_url https://access.redhat.com/errata/RHSA-2024:2776
reference_id RHSA-2024:2776
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2776
39
reference_url https://access.redhat.com/errata/RHSA-2024:2865
reference_id RHSA-2024:2865
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2865
40
reference_url https://access.redhat.com/errata/RHSA-2024:2869
reference_id RHSA-2024:2869
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2869
41
reference_url https://access.redhat.com/errata/RHSA-2024:2875
reference_id RHSA-2024:2875
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:2875
42
reference_url https://access.redhat.com/errata/RHSA-2024:3327
reference_id RHSA-2024:3327
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3327
43
reference_url https://access.redhat.com/errata/RHSA-2024:3349
reference_id RHSA-2024:3349
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3349
44
reference_url https://access.redhat.com/errata/RHSA-2024:3351
reference_id RHSA-2024:3351
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3351
45
reference_url https://access.redhat.com/errata/RHSA-2024:3523
reference_id RHSA-2024:3523
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3523
46
reference_url https://access.redhat.com/errata/RHSA-2024:3826
reference_id RHSA-2024:3826
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3826
47
reference_url https://access.redhat.com/errata/RHSA-2024:3827
reference_id RHSA-2024:3827
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3827
48
reference_url https://access.redhat.com/errata/RHSA-2024:3968
reference_id RHSA-2024:3968
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3968
49
reference_url https://access.redhat.com/errata/RHSA-2024:4006
reference_id RHSA-2024:4006
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4006
50
reference_url https://access.redhat.com/errata/RHSA-2024:4010
reference_id RHSA-2024:4010
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4010
51
reference_url https://access.redhat.com/errata/RHSA-2024:4041
reference_id RHSA-2024:4041
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4041
52
reference_url https://access.redhat.com/errata/RHSA-2024:4455
reference_id RHSA-2024:4455
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4455
53
reference_url https://access.redhat.com/errata/RHSA-2024:4484
reference_id RHSA-2024:4484
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:4484
54
reference_url https://access.redhat.com/errata/RHSA-2024:6209
reference_id RHSA-2024:6209
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:6209
55
reference_url https://access.redhat.com/errata/RHSA-2024:7179
reference_id RHSA-2024:7179
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:7179
56
reference_url https://access.redhat.com/errata/RHSA-2024:8229
reference_id RHSA-2024:8229
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8229
57
reference_url https://access.redhat.com/errata/RHSA-2024:8235
reference_id RHSA-2024:8235
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8235
58
reference_url https://access.redhat.com/errata/RHSA-2024:8974
reference_id RHSA-2024:8974
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8974
59
reference_url https://access.redhat.com/errata/RHSA-2025:0536
reference_id RHSA-2025:0536
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:0536
60
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/
reference_id UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/
61
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/
reference_id UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/
62
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/
reference_id XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH
reference_type
scores
0
value 4.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-03-11T15:08:38Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/
fixed_packages
0
url pkg:deb/debian/golang-github-go-jose-go-jose@4.0.1-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.0.1-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r5yf-qtqg-93cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1%3Fdistro=trixie
2
url pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1%3Fdistro=trixie
aliases CVE-2024-28180, GHSA-c5q2-7r4c-mv6g
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bq1t-9nnj-mkes
1
url VCID-rbtx-222u-zudf
vulnerability_id VCID-rbtx-222u-zudf
summary
DoS in go-jose Parsing
### Impact
When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

### Patches
Version 4.0.5 fixes this issue

### Workarounds
Applications could pre-validate that payloads passed to go-jose do not contain an excessive number of '.' characters.

### References
This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23266
published_at 2026-04-02T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.29369
published_at 2026-04-04T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.2953
published_at 2026-04-21T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29574
published_at 2026-04-18T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-08T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29673
published_at 2026-04-09T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29676
published_at 2026-04-11T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29632
published_at 2026-04-12T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29581
published_at 2026-04-13T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.296
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-jose/go-jose
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-jose/go-jose
4
reference_url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
5
reference_url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
6
reference_url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
7
reference_url https://github.com/golang/go/issues/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/71490
8
reference_url https://go.dev/issue/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/71490
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
reference_id 1098908
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
reference_id 2347423
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
12
reference_url https://access.redhat.com/errata/RHSA-2024:11038
reference_id RHSA-2024:11038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11038
13
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
14
reference_url https://access.redhat.com/errata/RHSA-2025:19566
reference_id RHSA-2025:19566
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19566
15
reference_url https://access.redhat.com/errata/RHSA-2025:19594
reference_id RHSA-2025:19594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19594
16
reference_url https://access.redhat.com/errata/RHSA-2025:22014
reference_id RHSA-2025:22014
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22014
17
reference_url https://access.redhat.com/errata/RHSA-2025:3059
reference_id RHSA-2025:3059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3059
18
reference_url https://access.redhat.com/errata/RHSA-2025:3061
reference_id RHSA-2025:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3061
19
reference_url https://access.redhat.com/errata/RHSA-2025:3066
reference_id RHSA-2025:3066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3066
20
reference_url https://access.redhat.com/errata/RHSA-2025:3068
reference_id RHSA-2025:3068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3068
21
reference_url https://access.redhat.com/errata/RHSA-2025:3131
reference_id RHSA-2025:3131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3131
22
reference_url https://access.redhat.com/errata/RHSA-2025:3132
reference_id RHSA-2025:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3132
23
reference_url https://access.redhat.com/errata/RHSA-2025:3335
reference_id RHSA-2025:3335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3335
24
reference_url https://access.redhat.com/errata/RHSA-2025:3438
reference_id RHSA-2025:3438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3438
25
reference_url https://access.redhat.com/errata/RHSA-2025:3439
reference_id RHSA-2025:3439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3439
26
reference_url https://access.redhat.com/errata/RHSA-2025:3501
reference_id RHSA-2025:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3501
27
reference_url https://access.redhat.com/errata/RHSA-2025:3593
reference_id RHSA-2025:3593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3593
28
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
29
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
30
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
31
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
32
reference_url https://access.redhat.com/errata/RHSA-2025:4427
reference_id RHSA-2025:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4427
33
reference_url https://access.redhat.com/errata/RHSA-2025:4712
reference_id RHSA-2025:4712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4712
34
reference_url https://access.redhat.com/errata/RHSA-2025:7389
reference_id RHSA-2025:7389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7389
35
reference_url https://access.redhat.com/errata/RHSA-2025:7391
reference_id RHSA-2025:7391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7391
36
reference_url https://access.redhat.com/errata/RHSA-2025:7397
reference_id RHSA-2025:7397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7397
37
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
38
reference_url https://access.redhat.com/errata/RHSA-2025:7459
reference_id RHSA-2025:7459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7459
39
reference_url https://access.redhat.com/errata/RHSA-2025:7462
reference_id RHSA-2025:7462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7462
40
reference_url https://access.redhat.com/errata/RHSA-2025:7467
reference_id RHSA-2025:7467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7467
41
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
42
reference_url https://access.redhat.com/errata/RHSA-2025:7669
reference_id RHSA-2025:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7669
43
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
44
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
fixed_packages
0
url pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r5yf-qtqg-93cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1%3Fdistro=trixie
aliases CVE-2025-27144, GHSA-c6gw-w398-hv78
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtx-222u-zudf
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1%3Fdistro=trixie