Skip to content

Commit

Permalink
CVE-2025-27144: vendor: don't allow unbounded amounts of splits
Browse files Browse the repository at this point in the history 
In compact JWS/JWE, don't allow unbounded number of splits.
Count to make sure there's the right number, then use SplitN.

Fixes CVE-2025-27144
Bugs: bsc#1237681

Cherry-picked from go-jose/go-jose@99b346c

Signed-off-by: Danish Prakash <contact@danishpraka.sh>
  • Loading branch information
@mcpherrinm @danishprakash
mcpherrinm authored and danishprakash committed Mar 4, 2025
1 parent fd39521 commit fcf9115
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 4 deletions.
5 changes: 3 additions & 2 deletions vendor/github.com/go-jose/go-jose/v4/jwe.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 3 additions & 2 deletions vendor/github.com/go-jose/go-jose/v4/jws.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit fcf9115

Please sign in to comment.