GHSA-6v2p-p543-phr9

Suggest an improvement

Source

https://github.com/advisories/GHSA-6v2p-p543-phr9

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/07/GHSA-6v2p-p543-phr9/GHSA-6v2p-p543-phr9.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-6v2p-p543-phr9

Aliases

Downstream

MINI-22w5-vf5x-2274

MINI-34gx-9hvw-4vc5

MINI-3xq4-fpcc-96r5

MINI-647p-cpmr-gc66

MINI-6rq2-9588-g8gv

MINI-7c46-g2f6-23wj

MINI-7f8p-48j8-c595

MINI-7pww-qq5p-9vcv

MINI-8xww-9fq6-ffp6

MINI-9h7j-mxxh-8q3q

MINI-cgh9-vp55-j4gq

MINI-fj64-g64v-fxh8

MINI-gpr2-x5g8-mj82

MINI-gxhw-jqrm-x6h5

MINI-mqq4-7cm9-83g5

MINI-q2j6-q4x9-xwc5

MINI-q9jw-8496-4hff

Published

2025-07-18T17:27:22Z

Modified

2025-07-18T17:44:16.560364Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

Details

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Database specific

{
    "severity": "HIGH",
    "nvd_published_at": "2025-02-26T08:14:24Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-1286"
    ],
    "github_reviewed_at": "2025-07-18T17:27:22Z"
}

References

Affected packages

Go / golang.org/x/oauth2

Package

Name: golang.org/x/oauth2; View open source insights on deps.dev
Purl: pkg:golang/golang.org/x/oauth2

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.27.0