Vulnerability_id VCID-rbtx-222u-zudf
Summary
DoS in go-jose Parsing
### Impact
When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which consumes excessive memory when processing maliciously crafted tokens containing a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

### Patches
Version 4.0.5 fixes this issue.

### Workarounds
Applications could pre-validate that payloads passed to go-jose do not contain an excessive number of '.' characters.

### References
This is the same sort of issue as in the golang.org/x/oauth2/jws package, tracked as CVE-2025-22868 and Go issue https://go.dev/issue/71490.
Aliases
0
alias CVE-2025-27144
1
alias GHSA-c6gw-w398-hv78
Fixed_packages
0
url pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1?distro=trixie
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-r5yf-qtqg-93cs
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.0.5-1%3Fdistro=trixie
1
url pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
purl pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/golang-github-go-jose-go-jose@4.1.4-1%3Fdistro=trixie
2
url pkg:golang/github.com/go-jose/go-jose/v3@3.0.4
purl pkg:golang/github.com/go-jose/go-jose/v3@3.0.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/go-jose/go-jose/v3@3.0.4
3
url pkg:golang/github.com/go-jose/go-jose/v4@4.0.5
purl pkg:golang/github.com/go-jose/go-jose/v4@4.0.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:golang/github.com/go-jose/go-jose/v4@4.0.5
Affected_packages
0
url pkg:rpm/redhat/buildah@2:1.39.4-1?arch=el10_0
purl pkg:rpm/redhat/buildah@2:1.39.4-1?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@2:1.39.4-1%3Farch=el10_0
1
url pkg:rpm/redhat/buildah@2:1.39.4-1?arch=el9_6
purl pkg:rpm/redhat/buildah@2:1.39.4-1?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/buildah@2:1.39.4-1%3Farch=el9_6
2
url pkg:rpm/redhat/opentelemetry-collector@0.107.0-7?arch=el9_4
purl pkg:rpm/redhat/opentelemetry-collector@0.107.0-7?arch=el9_4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chwd-qyet-4qbz
1
vulnerability VCID-fk74-ghxp-w3g9
2
vulnerability VCID-nrrp-y243-bfa1
3
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-7%3Farch=el9_4
3
url pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_6
purl pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chwd-qyet-4qbz
1
vulnerability VCID-nrrp-y243-bfa1
2
vulnerability VCID-rbtx-222u-zudf
3
vulnerability VCID-s5gr-zsbz-xkbe
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-8%3Farch=el9_6
4
url pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_5
purl pkg:rpm/redhat/opentelemetry-collector@0.107.0-8?arch=el9_5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chwd-qyet-4qbz
1
vulnerability VCID-fk74-ghxp-w3g9
2
vulnerability VCID-nrrp-y243-bfa1
3
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-8%3Farch=el9_5
5
url pkg:rpm/redhat/opentelemetry-collector@0.107.0-9?arch=el10_0
purl pkg:rpm/redhat/opentelemetry-collector@0.107.0-9?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-chwd-qyet-4qbz
1
vulnerability VCID-nrrp-y243-bfa1
2
vulnerability VCID-rbtx-222u-zudf
3
vulnerability VCID-s5gr-zsbz-xkbe
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/opentelemetry-collector@0.107.0-9%3Farch=el10_0
6
url pkg:rpm/redhat/osbuild-composer@132.2-3?arch=el9_6
purl pkg:rpm/redhat/osbuild-composer@132.2-3?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/osbuild-composer@132.2-3%3Farch=el9_6
7
url pkg:rpm/redhat/osbuild-composer@134.1-3?arch=el10_0
purl pkg:rpm/redhat/osbuild-composer@134.1-3?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/osbuild-composer@134.1-3%3Farch=el10_0
8
url pkg:rpm/redhat/podman@5:5.2.2-4.rhaos4.17?arch=el8
purl pkg:rpm/redhat/podman@5:5.2.2-4.rhaos4.17?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@5:5.2.2-4.rhaos4.17%3Farch=el8
9
url pkg:rpm/redhat/podman@5:5.2.2-6.rhaos4.18?arch=el9
purl pkg:rpm/redhat/podman@5:5.2.2-6.rhaos4.18?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@5:5.2.2-6.rhaos4.18%3Farch=el9
10
url pkg:rpm/redhat/podman@5:5.4.0-9?arch=el9_6
purl pkg:rpm/redhat/podman@5:5.4.0-9?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@5:5.4.0-9%3Farch=el9_6
11
url pkg:rpm/redhat/podman@6:5.4.0-9?arch=el10_0
purl pkg:rpm/redhat/podman@6:5.4.0-9?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-cmts-6kz4-zkh8
1
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/podman@6:5.4.0-9%3Farch=el10_0
12
url pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.17?arch=el8
purl pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.17?arch=el8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.17%3Farch=el8
13
url pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.18?arch=el9
purl pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.18?arch=el9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.16.1-1.rhaos4.18%3Farch=el9
14
url pkg:rpm/redhat/skopeo@2:1.18.1-1?arch=el10_0
purl pkg:rpm/redhat/skopeo@2:1.18.1-1?arch=el10_0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.18.1-1%3Farch=el10_0
15
url pkg:rpm/redhat/skopeo@2:1.18.1-1?arch=el9_6
purl pkg:rpm/redhat/skopeo@2:1.18.1-1?arch=el9_6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-rbtx-222u-zudf
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/skopeo@2:1.18.1-1%3Farch=el9_6
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-27144.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
reference_id
reference_type
scores
0
value 0.00078
scoring_system epss
scoring_elements 0.23266
published_at 2026-04-02T12:55:00Z
1
value 0.00109
scoring_system epss
scoring_elements 0.29369
published_at 2026-04-04T12:55:00Z
2
value 0.00112
scoring_system epss
scoring_elements 0.2953
published_at 2026-04-21T12:55:00Z
3
value 0.00112
scoring_system epss
scoring_elements 0.29574
published_at 2026-04-18T12:55:00Z
4
value 0.00112
scoring_system epss
scoring_elements 0.29636
published_at 2026-04-08T12:55:00Z
5
value 0.00112
scoring_system epss
scoring_elements 0.29673
published_at 2026-04-09T12:55:00Z
6
value 0.00112
scoring_system epss
scoring_elements 0.29676
published_at 2026-04-11T12:55:00Z
7
value 0.00112
scoring_system epss
scoring_elements 0.29632
published_at 2026-04-12T12:55:00Z
8
value 0.00112
scoring_system epss
scoring_elements 0.29581
published_at 2026-04-13T12:55:00Z
9
value 0.00112
scoring_system epss
scoring_elements 0.296
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27144
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/go-jose/go-jose
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/go-jose/go-jose
4
reference_url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
5
reference_url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/releases/tag/v4.0.5
6
reference_url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:26:42Z/
url https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
7
reference_url https://github.com/golang/go/issues/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/golang/go/issues/71490
8
reference_url https://go.dev/issue/71490
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://go.dev/issue/71490
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27144
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
reference_id 1098908
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098908
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
reference_id 2347423
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2347423
12
reference_url https://access.redhat.com/errata/RHSA-2024:11038
reference_id RHSA-2024:11038
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:11038
13
reference_url https://access.redhat.com/errata/RHSA-2025:11396
reference_id RHSA-2025:11396
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:11396
14
reference_url https://access.redhat.com/errata/RHSA-2025:19566
reference_id RHSA-2025:19566
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19566
15
reference_url https://access.redhat.com/errata/RHSA-2025:19594
reference_id RHSA-2025:19594
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:19594
16
reference_url https://access.redhat.com/errata/RHSA-2025:22014
reference_id RHSA-2025:22014
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:22014
17
reference_url https://access.redhat.com/errata/RHSA-2025:3059
reference_id RHSA-2025:3059
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3059
18
reference_url https://access.redhat.com/errata/RHSA-2025:3061
reference_id RHSA-2025:3061
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3061
19
reference_url https://access.redhat.com/errata/RHSA-2025:3066
reference_id RHSA-2025:3066
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3066
20
reference_url https://access.redhat.com/errata/RHSA-2025:3068
reference_id RHSA-2025:3068
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3068
21
reference_url https://access.redhat.com/errata/RHSA-2025:3131
reference_id RHSA-2025:3131
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3131
22
reference_url https://access.redhat.com/errata/RHSA-2025:3132
reference_id RHSA-2025:3132
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3132
23
reference_url https://access.redhat.com/errata/RHSA-2025:3335
reference_id RHSA-2025:3335
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3335
24
reference_url https://access.redhat.com/errata/RHSA-2025:3438
reference_id RHSA-2025:3438
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3438
25
reference_url https://access.redhat.com/errata/RHSA-2025:3439
reference_id RHSA-2025:3439
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3439
26
reference_url https://access.redhat.com/errata/RHSA-2025:3501
reference_id RHSA-2025:3501
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3501
27
reference_url https://access.redhat.com/errata/RHSA-2025:3593
reference_id RHSA-2025:3593
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3593
28
reference_url https://access.redhat.com/errata/RHSA-2025:3743
reference_id RHSA-2025:3743
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3743
29
reference_url https://access.redhat.com/errata/RHSA-2025:3775
reference_id RHSA-2025:3775
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3775
30
reference_url https://access.redhat.com/errata/RHSA-2025:3820
reference_id RHSA-2025:3820
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3820
31
reference_url https://access.redhat.com/errata/RHSA-2025:3906
reference_id RHSA-2025:3906
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:3906
32
reference_url https://access.redhat.com/errata/RHSA-2025:4427
reference_id RHSA-2025:4427
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4427
33
reference_url https://access.redhat.com/errata/RHSA-2025:4712
reference_id RHSA-2025:4712
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:4712
34
reference_url https://access.redhat.com/errata/RHSA-2025:7389
reference_id RHSA-2025:7389
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7389
35
reference_url https://access.redhat.com/errata/RHSA-2025:7391
reference_id RHSA-2025:7391
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7391
36
reference_url https://access.redhat.com/errata/RHSA-2025:7397
reference_id RHSA-2025:7397
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7397
37
reference_url https://access.redhat.com/errata/RHSA-2025:7407
reference_id RHSA-2025:7407
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7407
38
reference_url https://access.redhat.com/errata/RHSA-2025:7459
reference_id RHSA-2025:7459
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7459
39
reference_url https://access.redhat.com/errata/RHSA-2025:7462
reference_id RHSA-2025:7462
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7462
40
reference_url https://access.redhat.com/errata/RHSA-2025:7467
reference_id RHSA-2025:7467
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7467
41
reference_url https://access.redhat.com/errata/RHSA-2025:7479
reference_id RHSA-2025:7479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7479
42
reference_url https://access.redhat.com/errata/RHSA-2025:7669
reference_id RHSA-2025:7669
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:7669
43
reference_url https://access.redhat.com/errata/RHSA-2025:9167
reference_id RHSA-2025:9167
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:9167
44
reference_url https://access.redhat.com/errata/RHSA-2026:3718
reference_id RHSA-2026:3718
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:3718
Weaknesses
0
cwe_id 400
name Uncontrolled Resource Consumption
description The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
1
cwe_id 770
name Allocation of Resources Without Limits or Throttling
description The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
Exploits
Severity_range_score 4.0 - 7.5
Exploitability 0.5
Weighted_severity 6.8
Risk_score 3.4
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rbtx-222u-zudf