Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jose project jose vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named ...
Jose Project Jose
383
VMScore
CVE-2021-29443
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFa...
Jose Project Jose
383
VMScore
CVE-2016-5429
jose-php prior to 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote malicious users to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.
Jose-php Project Jose-php
445
VMScore
CVE-2016-5430
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php prior to 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote malicious users to obtain cleartext data via a Million Message Attack (MMA).
Jose-php Project Jose-php
570
VMScore
CVE-2016-9121
go-jose prior to 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the rec...
Go-jose Project Go-jose
445
VMScore
CVE-2016-9123
go-jose prior to 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.
Go-jose Project Go-jose
446
VMScore
CVE-2016-5431
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Php Jose Project Php Jose
4 Github repositories
NA
CVE-2023-23928
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to au...
Reason-jose Project Reason-jose
445
VMScore
CVE-2016-9122
go-jose prior to 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially lead to confusion. For examp...
Go-jose Project Go-jose
668
VMScore
CVE-2016-7036
python-jose prior to 1.3.2 allows malicious users to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.
Python-jose Project Python-jose
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »