{"id":"GO-2025-4123","summary":"Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go","details":"Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go","aliases":["CVE-2025-63811","GHSA-9mj6-hxhv-w67j"],"modified":"2026-02-04T04:04:38.794214Z","published":"2025-11-18T15:44:15Z","related":["CGA-pr7v-f3fq-fr58"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2025-4123"},"references":[{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-9mj6-hxhv-w67j"},{"type":"FIX","url":"https://github.com/dvsekhvalnov/jose2go/commit/0a0673dd7f2820a446de5b04b9094b2291d77d5d"},{"type":"REPORT","url":"https://github.com/dvsekhvalnov/jose2go/issues/33"}],"affected":[{"package":{"name":"github.com/dvsekhvalnov/jose2go","ecosystem":"Go","purl":"pkg:golang/github.com/dvsekhvalnov/jose2go"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.7.0"}]}],"ecosystem_specific":{"imports":[{"symbols":["Decode","DecodeBytes","Deflate.Decompress","decrypt"],"path":"github.com/dvsekhvalnov/jose2go"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2025-4123.json"}}],"schema_version":"1.7.3"}