VDB
GHSA-mhpq-9638-x6pw
GHSA-mhpq-9638-x6pw
REJECTED
CVSS 5.300000190734863 MEDIUM
Duplicate Advisory: Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Risk Scores
CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Go | github.com/dvsekhvalnov/jose2go | 0 |
| github.com | dvsekhvalnov/jose2go | 0, 0, 0 |
| github.com | dvsekhvalnov/jose2go | 0 |
Timeline
- Dec 20, 2023 CVE Published
- Feb 3, 2026 CVE Updated
- Mar 2, 2026 Security Advisory
References
- https://github.com/dvsekhvalnov/jose2go product
- https://www.blackhat.com/us-23/briefings/schedule/#three-new-attacks-against-json-web-tokens-31695 url
- GitHub Advisory GHSA-mhpq-9638-x6pw vendor-advisory
- https://github.com/dvsekhvalnov/jose2go/issues/31 url
- https://github.com/dvsekhvalnov/jose2go/commit/a4584e9dd7128608fedbc67892eba9697f0d5317 url
- https://nvd.nist.gov/vuln/detail/CVE-2023-50658 vendor-advisory
- https://github.com/dvsekhvalnov/jose2go/compare/v1.5.0...v1.6.0 url
- https://pkg.go.dev/vuln/GO-2023-2409 url
- GitHub Advisory GHSA-6294-6rgp-fr7r vendor-advisory