CVE-2025-22868

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

Open

LOW (2.1)

T
Tim Bastin detected CVE-2025-22868 with a risk of 2.12
main
System updated the risk assessment from 2.12 to 1.41
main
System recalculated raw risk assessment
System updated the risk assessment from 1.41 to 4.25
main
System recalculated raw risk assessment
T
Tim Bastin detected CVE-2025-22868 with scanner: container-scanning
main
T
Tim Bastin created a ticket for CVE-2025-22868
main
Everything after this entry will be synced with the external system. The ticket can be found at https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/11
System updated the risk assessment from 4.25 to 1.15
main
System recalculated raw risk assessment
System updated the risk assessment from 1.15 to 2.12
main
System recalculated raw risk assessment
System detected CVE-2025-22868 with a risk of 4.25
main
System detected CVE-2025-22868 with scanner: sca
main
System created a ticket for CVE-2025-22868
main
Everything after this entry will be synced with the external system. The ticket can be found at https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/12
System created a ticket for CVE-2025-22868
main
Everything after this entry will be synced with the external system. The ticket can be found at https://gitlab.opencode.de/open-code/badgebackend/badge-api/-/issues/13
System updated the risk assessment from 4.25 to 2.12
main
System recalculated raw risk assessment

Last calculated at:

golang.org/x/oauth2

Installed version:

0.25.0

Fixed in:

v0.27.0

Update all Dependencies

Update only golang.org/x/oauth2