Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

go

gopkg.in/go-jose/go-jose.v2

go

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. It implements encryption and signing based on the JSON Web Encryption and JSON Web Signature standards, with optional JSON Web Token support available in a sub-package. The library supports both the compact and full serialization formats, and has optional support for multiple recipients.

View on proxy.golang.org

Security Advisories for gopkg.in/go-jose/go-jose.v2 in go

Moderate
over 1 year ago

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) GSA_kwCzR0hTQS1jNXEyLTdyNGMtbXY2Z84AA51M

go gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4

Filter by Severity

Moderate 1