{"id":"GO-2025-3485","summary":"DoS in go-jose Parsing in github.com/go-jose/go-jose","details":"DoS in go-jose Parsing in github.com/go-jose/go-jose","aliases":["CVE-2025-27144","GHSA-c6gw-w398-hv78"],"modified":"2026-02-04T02:24:07.473820Z","published":"2025-03-03T16:11:01Z","related":["CGA-p64v-w3j6-xg5w"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-3485"},"references":[{"type":"ADVISORY","url":"https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78"},{"type":"FIX","url":"https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22"},{"type":"WEB","url":"https://github.com/go-jose/go-jose/releases/tag/v4.0.5"},{"type":"WEB","url":"https://go.dev/issue/71490"},{"type":"WEB","url":"https://go.dev/issue/71490"}],"affected":[{"package":{"name":"github.com/go-jose/go-jose","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/go-jose/go-jose/v3","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose/v3"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"3.0.4"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/go-jose/go-jose/v3","symbols":["ParseDetached","ParseEncrypted","ParseSigned","rawJSONWebEncryption.sanitized","rawJSONWebSignature.sanitized"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/go-jose/go-jose/v4","ecosystem":"Go","purl":"pkg:golang/github.com/go-jose/go-jose/v4"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"4.0.5"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/go-jose/go-jose/v4","symbols":["ParseEncrypted","ParseEncryptedCompact","ParseSignedCompact"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}},{"package":{"name":"github.com/square/go-jose","ecosystem":"Go","purl":"pkg:golang/github.com/square/go-jose"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"}]}],"ecosystem_specific":{},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-3485.json"}}],"schema_version":"1.7.3"}