Search CVE reports
1 – 10 of 14 results
CVE-2024-33664
Medium priority
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to...
1 affected package
python-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-jose | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2024-33663
Medium priority
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
1 affected package
python-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
python-jose | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2023-50967
Medium priority
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
1 affected package
jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
jose | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2023-50966
Medium priority
erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
1 affected package
erlang-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
erlang-jose | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | — |
CVE-2024-28180
Medium priority
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed...
1 affected package
golang-github-go-jose-go-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-go-jose-go-jose | Needs evaluation | Not in release | Not in release | — | — |
CVE-2024-28176
Medium priority
jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more....
1 affected package
node-jose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
node-jose | Needs evaluation | Needs evaluation | Not in release | — | — |
CVE-2023-51775
Medium priority
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
1 affected package
libjose4j-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjose4j-java | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
CVE-2023-50658
Medium priority
The jose2go component before 1.6.0 for Go allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
1 affected package
golang-github-dvsekhvalnov-jose2go
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
golang-github-dvsekhvalnov-jose2go | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
CVE-2023-31582
Medium priority
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
1 affected package
libjose4j-java
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
libjose4j-java | Needs evaluation | Needs evaluation | Not in release | Ignored | Ignored |
CVE-2023-37464
Medium priority
Some fixes available 4 of 8
OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says...
1 affected package
cjose
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
cjose | Needs evaluation | Fixed | Fixed | Fixed | Ignored |