High severityNVD Advisory· Published Nov 12, 2025· Updated Nov 13, 2025
CVE-2025-63811
CVE-2025-63811
Description
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/dvsekhvalnov/jose2goGo | < 1.7.0 | 1.7.0 |
Affected products
120- dvsekhvalnov/jose2godescription
- osv-coords119 versionspkg:apk/chainguard/amazon-cloudwatch-agentpkg:apk/chainguard/amazon-cloudwatch-agent-fipspkg:apk/chainguard/argo-eventspkg:apk/chainguard/argo-events-compatpkg:apk/chainguard/argo-events-fipspkg:apk/chainguard/argo-events-fips-compatpkg:apk/chainguard/bentopkg:apk/chainguard/bento-compatpkg:apk/chainguard/cluster-api-aws-controllerpkg:apk/chainguard/cluster-api-aws-controller-compatpkg:apk/chainguard/cluster-api-aws-controller-fipspkg:apk/chainguard/dapr-1.15pkg:apk/chainguard/dapr-daprd-1.15pkg:apk/chainguard/dapr-daprd-1.15-oci-compatpkg:apk/chainguard/dapr-daprd-fips-1.14pkg:apk/chainguard/dapr-daprd-fips-1.15pkg:apk/chainguard/dapr-daprd-fips-1.15-oci-compatpkg:apk/chainguard/dapr-fips-1.15pkg:apk/chainguard/dapr-injector-1.15pkg:apk/chainguard/dapr-injector-1.15-oci-compatpkg:apk/chainguard/dapr-injector-fips-1.15pkg:apk/chainguard/dapr-injector-fips-1.15-oci-compatpkg:apk/chainguard/dapr-operator-1.15pkg:apk/chainguard/dapr-operator-1.15-oci-compatpkg:apk/chainguard/dapr-operator-fips-1.15pkg:apk/chainguard/dapr-operator-fips-1.15-oci-compatpkg:apk/chainguard/dapr-placement-1.15pkg:apk/chainguard/dapr-placement-1.15-oci-compatpkg:apk/chainguard/dapr-placement-fips-1.15pkg:apk/chainguard/dapr-placement-fips-1.15-oci-compatpkg:apk/chainguard/dapr-scheduler-1.15pkg:apk/chainguard/dapr-scheduler-1.15-oci-compatpkg:apk/chainguard/dapr-scheduler-fips-1.15pkg:apk/chainguard/dapr-scheduler-fips-1.15-oci-compatpkg:apk/chainguard/dapr-sentry-1.15pkg:apk/chainguard/dapr-sentry-1.15-oci-compatpkg:apk/chainguard/dapr-sentry-fips-1.15pkg:apk/chainguard/dapr-sentry-fips-1.15-oci-compatpkg:apk/chainguard/grafana-alloypkg:apk/chainguard/grafana-alloy-compatpkg:apk/chainguard/jitsucom-bulkerpkg:apk/chainguard/jitsucom-bulker-bulkerpkg:apk/chainguard/jitsucom-bulker-bulker-compatpkg:apk/chainguard/jitsucom-bulker-ingestpkg:apk/chainguard/jitsucom-bulker-ingest-compatpkg:apk/chainguard/jitsucom-bulker-ingmgrpkg:apk/chainguard/jitsucom-bulker-ingmgr-compatpkg:apk/chainguard/jitsucom-bulker-sidecarpkg:apk/chainguard/jitsucom-bulker-sidecar-compatpkg:apk/chainguard/jitsucom-bulker-syncctlpkg:apk/chainguard/jitsucom-bulker-syncctl-compatpkg:apk/chainguard/opentelemetry-collector-contribpkg:apk/chainguard/opentelemetry-collector-contrib-compatpkg:apk/chainguard/splunk-otel-collectorpkg:apk/chainguard/splunk-otel-collector-compatpkg:apk/chainguard/splunk-otel-collector-docpkg:apk/chainguard/splunk-otel-collector-fipspkg:apk/chainguard/splunk-otel-collector-migratecheckpointpkg:apk/chainguard/splunk-otel-collector-migratecheckpoint-compatpkg:apk/chainguard/sql_exporterpkg:apk/chainguard/sql_exporter-compatpkg:apk/chainguard/sql_exporter-fipspkg:apk/chainguard/telegraf-1.34pkg:apk/chainguard/telegraf-1.35pkg:apk/chainguard/vault-1.16pkg:apk/chainguard/vault-1.16-compatpkg:apk/chainguard/vault-1.17pkg:apk/chainguard/vault-1.17-compatpkg:apk/chainguard/vault-1.21pkg:apk/chainguard/vault-1.21-compatpkg:apk/chainguard/vault-fips-1.19pkg:apk/chainguard/vault-fips-1.19-compatpkg:apk/chainguard/vault-fips-1.21pkg:apk/chainguard/vault-fips-1.21-compatpkg:apk/wolfi/amazon-cloudwatch-agentpkg:apk/wolfi/argo-eventspkg:apk/wolfi/argo-events-compatpkg:apk/wolfi/bentopkg:apk/wolfi/bento-compatpkg:apk/wolfi/cluster-api-aws-controllerpkg:apk/wolfi/cluster-api-aws-controller-compatpkg:apk/wolfi/dapr-1.15pkg:apk/wolfi/dapr-daprd-1.15pkg:apk/wolfi/dapr-daprd-1.15-oci-compatpkg:apk/wolfi/dapr-injector-1.15pkg:apk/wolfi/dapr-injector-1.15-oci-compatpkg:apk/wolfi/dapr-operator-1.15pkg:apk/wolfi/dapr-operator-1.15-oci-compatpkg:apk/wolfi/dapr-placement-1.15pkg:apk/wolfi/dapr-placement-1.15-oci-compatpkg:apk/wolfi/dapr-scheduler-1.15pkg:apk/wolfi/dapr-scheduler-1.15-oci-compatpkg:apk/wolfi/dapr-sentry-1.15pkg:apk/wolfi/dapr-sentry-1.15-oci-compatpkg:apk/wolfi/grafana-alloypkg:apk/wolfi/grafana-alloy-compatpkg:apk/wolfi/jitsucom-bulkerpkg:apk/wolfi/jitsucom-bulker-bulkerpkg:apk/wolfi/jitsucom-bulker-bulker-compatpkg:apk/wolfi/jitsucom-bulker-ingestpkg:apk/wolfi/jitsucom-bulker-ingest-compatpkg:apk/wolfi/jitsucom-bulker-ingmgrpkg:apk/wolfi/jitsucom-bulker-ingmgr-compatpkg:apk/wolfi/jitsucom-bulker-sidecarpkg:apk/wolfi/jitsucom-bulker-sidecar-compatpkg:apk/wolfi/jitsucom-bulker-syncctlpkg:apk/wolfi/jitsucom-bulker-syncctl-compatpkg:apk/wolfi/opentelemetry-collector-contribpkg:apk/wolfi/opentelemetry-collector-contrib-compatpkg:apk/wolfi/splunk-otel-collectorpkg:apk/wolfi/splunk-otel-collector-compatpkg:apk/wolfi/splunk-otel-collector-docpkg:apk/wolfi/splunk-otel-collector-migratecheckpointpkg:apk/wolfi/splunk-otel-collector-migratecheckpoint-compatpkg:apk/wolfi/sql_exporterpkg:apk/wolfi/sql_exporter-compatpkg:apk/wolfi/telegraf-1.34pkg:apk/wolfi/telegraf-1.35pkg:golang/github.com/dvsekhvalnov/jose2go
< 1.300070.0-r1+ 118 more
- (no CPE)range: < 1.300070.0-r1
- (no CPE)range: < 1.300070.0-r2
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.12.1-r2
- (no CPE)range: < 1.12.1-r2
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r2
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.14.5-r10
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.11.3-r2
- (no CPE)range: < 1.11.3-r2
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 0.139.0-r1
- (no CPE)range: < 0.139.0-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.18.4-r1
- (no CPE)range: < 0.18.4-r1
- (no CPE)range: < 0.18.4-r2
- (no CPE)range: < 1.34.4-r7
- (no CPE)range: < 1.35.4-r3
- (no CPE)range: < 1.16.3-r27
- (no CPE)range: < 1.16.3-r27
- (no CPE)range: < 1.17.6-r19
- (no CPE)range: < 1.17.6-r19
- (no CPE)range: < 1.21.1-r0
- (no CPE)range: < 1.21.1-r0
- (no CPE)range: < 1.19.5-r9
- (no CPE)range: < 1.19.5-r9
- (no CPE)range: < 1.21.1-r0
- (no CPE)range: < 1.21.1-r0
- (no CPE)range: < 1.300070.0-r1
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.9.8-r1
- (no CPE)range: < 1.12.1-r2
- (no CPE)range: < 1.12.1-r2
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 2.9.2-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.15.13-r1
- (no CPE)range: < 1.11.3-r2
- (no CPE)range: < 1.11.3-r2
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 2.11.913-r1
- (no CPE)range: < 0.139.0-r1
- (no CPE)range: < 0.139.0-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.139.2-r1
- (no CPE)range: < 0.18.4-r1
- (no CPE)range: < 0.18.4-r1
- (no CPE)range: < 1.34.4-r7
- (no CPE)range: < 1.35.4-r3
- (no CPE)range: < 1.7.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.