Update module github.com/go-jose/go-jose/v3 to v3.0.4 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/go-jose/go-jose/v3	v3.0.0 -> v3.0.4

GitHub Vulnerability Alerts

GHSA-2c7c-3mj9-8fqh

The go-jose package is subject to a "billion hashes attack" causing denial-of-service when decrypting JWE inputs. This occurs when an attacker can provide a PBES2 encrypted JWE blob with a very large p2c value that, when decrypted, produces a denial-of-service.

CVE-2024-28180

Impact

An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). Thanks to Enze Wang@Alioth and Jianjun Chen@Zhongguancun Lab (@​zer0yu and @​chenjj) for reporting.

Patches

The problem is fixed in the following packages and versions:

• github.com/go-jose/go-jose/v4 version 4.0.1
• github.com/go-jose/go-jose/v3 version 3.0.3
• gopkg.in/go-jose/go-jose.v2 version 2.6.3

The problem will not be fixed in the following package because the package is archived:

• gopkg.in/square/go-jose.v2

CVE-2025-27144

Impact

When parsing compact JWS or JWE input, go-jose could use excessive memory. The code used strings.Split(token, ".") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of '.' characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service.

Patches

Version 4.0.5 fixes this issue

Workarounds

Applications could pre-validate payloads passed to go-jose do not contain an excessive number of '.' characters.

References

This is the same sort of issue as in the golang.org/x/oauth2/jws package as CVE-2025-22868 and Go issue https://go.dev/issue/71490.

---

Release Notes

go-jose/go-jose (github.com/go-jose/go-jose/v3)

v3.0.4

Compare Source

What's Changed

Backport fix for GHSA-c6gw-w398-hv78 CVE-2025-27144
https://github.com/go-jose/go-jose/pull/174

Full Changelog: go-jose/go-jose@v3.0.3...v3.0.4

v3.0.3: Version 3.0.3

Compare Source

Fixed

• Limit decompression output size to prevent a DoS. Backport from v4.0.1.

v3.0.2

Compare Source

Fixed

• DecryptMulti: handle decompression error (#​19)

Changed

• jwe/CompactSerialize: improve performance (#​67)
• Increase the default number of PBKDF2 iterations to 600k (#​48)
• Return the proper algorithm for ECDSA keys (#​45)

Added

• Add Thumbprint support for opaque signers (#​38)

v3.0.1

Compare Source

Fixed

• Security issue: an attacker specifying a large "p2c" value can cause
  JSONWebEncryption.Decrypt and JSONWebEncryption.DecryptMulti to consume large
  amounts of CPU, causing a DoS. Thanks to Matt Schwager (@​mschwager) for the
  disclosure and to Tom Tervoort for originally publishing the category of attack.
  https://i.blackhat.com/BH-US-23/Presentations/US-23-Tervoort-Three-New-Attacks-Against-JSON-Web-Tokens.pdf

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 2 additional dependencies were updated

Details:

Package	Change
golang.org/x/crypto	v0.1.0 -> v0.19.0
golang.org/x/sys	v0.6.0 -> v0.17.0