Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jose project jose vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2023-22687
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions.
Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project Freesoul Deactivate Plugins - Plugin Manager And Cleanup
9.8
CVSSv3
CVE-2023-23928
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to au...
Reason-jose Project Reason-jose
5.3
CVSSv3
CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named ...
Jose Project Jose
7.5
CVSSv3
CVE-2022-29217
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The...
Pyjwt Project Pyjwt
Fedoraproject Fedora 35
Fedoraproject Fedora 36
5.9
CVSSv3
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if eit...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
5.9
CVSSv3
CVE-2021-29445
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if ei...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
5.9
CVSSv3
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if ei...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
7.5
CVSSv3
CVE-2016-5431
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Php Jose Project Php Jose
4 Github repositories
7.5
CVSSv3
CVE-2016-9123
go-jose prior to 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Go-jose Project Go-jose
9.1
CVSSv3
CVE-2016-9121
go-jose prior to 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the rec...
Go-jose Project Go-jose
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »