go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
{ "nvd_published_at": null, "github_reviewed_at": "2021-05-20T16:26:07Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-190" ] }