Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| n/a | n/a | affected |
|
No data.
| Vendor | Product | Confidence | Versions |
|---|---|---|---|
| Dvsekhvalnov | Jose2go | — | — |
Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .
No remediation available yet.
Tracking
Sign in to view the affected projects.
| Source | ID | Title |
|---|---|---|
 Github GHSA |
GHSA-9mj6-hxhv-w67j | jose2go is vulnerable to a JWT bomb attack through its decode function |
| Link | Providers |
|---|---|
| https://github.com/dvsekhvalnov/jose2go/issues/33 |
|
Wed, 31 Dec 2025 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| CPEs | cpe:2.3:a:dvsekhvalnov:jose2go:*:*:*:*:*:go:*:* |
Thu, 13 Nov 2025 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-400 | |
| Metrics |
cvssV3_1
|
Wed, 12 Nov 2025 23:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Dvsekhvalnov
Dvsekhvalnov jose2go |
|
| Vendors & Products |
Dvsekhvalnov
Dvsekhvalnov jose2go |
Wed, 12 Nov 2025 15:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio. | |
| References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2025-11-13T16:01:59.200Z
Reserved: 2025-10-27T00:00:00.000Z
Link: CVE-2025-63811
Vulnrichment
Updated: 2025-11-13T16:01:40.895Z
NVD
Status : Analyzed
Published: 2025-11-12T18:15:35.953
Modified: 2025-12-31T16:26:18.007
Link: CVE-2025-63811
Redhat
No data.
OpenCVE Enrichment
Updated: 2025-11-12T22:16:16Z