HIGH 7.5
GHSA-3fx4-7f69-5mmg
Integer Overflow in go-jose
Details
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/square/go-jose
Introduced in:
0 Fixed in: 0.0.0-20160903044734-789a4c4bd4c1 Fix
go get github.com/square/go-jose@v0.0.0-20160903044734-789a4c4bd4c1