An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.
{ "url": "https://pkg.go.dev/vuln/GO-2025-3488", "review_status": "REVIEWED" }
{ "imports": [ { "symbols": [ "Verify" ], "path": "golang.org/x/oauth2/jws" } ] }