VYPR
Vendor

Go Jose

Products
1
CVEs
6
Across products
6
Status
Private

Products

1

Recent CVEs

6
  • CVE-2016-9121CriMar 28, 2017
    risk 0.52cvss 9.1epss 0.01

    go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the…

  • CVE-2026-34986HigApr 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption…

  • CVE-2016-9123HigMar 28, 2017
    risk 0.42cvss 7.5epss 0.02

    go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.

  • CVE-2016-9122HigMar 28, 2017
    risk 0.42cvss 7.5epss 0.02

    go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For…

  • CVE-2025-27144MedFeb 24, 2025
    risk 0.36cvss epss 0.00

    Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when…

  • CVE-2024-28180Mar 9, 2024
    risk 0.00cvss epss 0.02

    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now…