Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
jose project jose vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-22687
Insecure Storage of Sensitive Information vulnerability in Jose Mortellaro Freesoul Deactivate Plugins – Plugin manager and cleanup plugin <= 1.9.4.0 versions.
Freesoul Deactivate Plugins - Plugin Manager And Cleanup Project Freesoul Deactivate Plugins - Plugin Manager And Cleanup
NA
CVE-2023-23928
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to au...
Reason-jose Project Reason-jose
NA
CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named ...
Jose Project Jose
5
CVSSv2
CVE-2022-29217
PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The...
Pyjwt Project Pyjwt
Fedoraproject Fedora 35
Fedoraproject Fedora 36
4.3
CVSSv2
CVE-2021-29444
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if eit...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
4.3
CVSSv2
CVE-2021-29445
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if ei...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
4.3
CVSSv2
CVE-2021-29446
jose-node-cjs-runtime is an npm package which provides a number of cryptographic functions. In versions before 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if ei...
Jose-node-cjs-runtime Project Jose-node-cjs-runtime
4.3
CVSSv2
CVE-2021-29443
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDecryptionFa...
Jose Project Jose
5
CVSSv2
CVE-2016-5431
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Php Jose Project Php Jose
4 Github repositories
6.4
CVSSv2
CVE-2016-9121
go-jose prior to 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the static private key of the rec...
Go-jose Project Go-jose
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »