CNNVD-202511-1397 Information

CNNVD ID

CNNVD-202511-1397

Related CVE

CVE-2025-63811

• CNNVD Published: 2025-11-12

Description (Chinese)

jose2go是DV个人开发者的一个 Golang 实现的 Javascript 对象签名和加密规范。 jose2go 1.5.0版本至1.7.0版本存在安全漏洞，该漏洞源于特制JWE令牌可能导致拒绝服务。

Description (English)

jose2go is the Javascript object signature and encryption code performed by a Golang DV personal developer. jose2go, versions 1.5.0 to 1.7.0, contains a security loophole, which arises out of a specific JWE token that may result in the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-11-12

Last Modified

2026-02-24

References

https://github.com/dvsekhvalnov/jose2go/issues/33

Patch

https://github.com/dvsekhvalnov/jose2go/tags