[security] Vulnerability in golang.org/x/oauth2

anno...@golang.org

Feb 24, 2025, 12:58:13 PM
to golan...@googlegroups.com

Hello gophers,

We have tagged version v0.27.0 of golang.org/x/oauth2 in order to address a security issue.

jws: unexpected memory consumption during token parsing

Version v0.27.0 of golang.org/x/oauth2 fixes a vulnerability in the golang.org/x/oauth2/jws package which could cause a denial of service.

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Thanks to jub0bs for reporting this issue.

This is CVE-2025-22868 and Go issue https://go.dev/issue/71490.

Cheers,
Go Security team
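
Added example, not part of the announcement and not code from golang.org/x/oauth2: a bounded-cost gate that a service can run on an untrusted compact token before handing it to any parser, as defense in depth alongside the upgrade to v0.27.0. The helper names and the 8 KiB ceiling are assumptions; the three-segment shape is the JWS compact serialization.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Assumed ceiling; size it to the largest token your issuer actually produces.
const maxTokenBytes = 8 << 10

// Unpadded base64url alphabet (RFC 4648, section 5).
const b64url = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"

var (
	errTooLarge = errors.New("token exceeds size limit")
	errShape    = errors.New("token is not header.payload.signature")
	errSegment  = errors.New("segment is empty or not base64url")
)

// validSegment rejects empty segments, which also rejects unsigned tokens.
func validSegment(s string) bool {
	return s != "" && strings.Trim(s, b64url) == ""
}

// precheckCompactJWS (hypothetical helper) rejects oversized or malformed
// tokens. Work is linear in len(token), which is capped first.
func precheckCompactJWS(token string) error {
	if len(token) > maxTokenBytes {
		return errTooLarge
	}
	if strings.Count(token, ".") != 2 { // exactly three segments
		return errShape
	}
	header, rest, _ := strings.Cut(token, ".")
	payload, sig, _ := strings.Cut(rest, ".")
	for _, seg := range [3]string{header, payload, sig} {
		if !validSegment(seg) {
			return errSegment
		}
	}
	return nil
}

func main() {
	// Constructed samples, not real tokens.
	for _, tok := range []string{"aGVhZGVy.cGF5bG9hZA.c2ln", "a.b", "a.b.c.d", "a..c"} {
		fmt.Printf("%-28q -> %v\n", tok, precheckCompactJWS(tok))
	}
}
```

A token that passes this gate is only well-formed; signature verification still has to happen in the JWS library.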
