306 matches found

OpenVAS
added 2022/07/18 12:0 a.m. | 13 views

Fedora: Security Advisory for golang-gopkg-square-jose-2 (FEDORA-2022-3969b64d4b)

The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.3 CVSS | 8.9 AI score | 0.05994 EPSS
Exploits 4 | References 2
Fedora
added 2022/07/04 1:35 a.m. | 20 views

[SECURITY] Fedora 36 Update: golang-gopkg-square-jose-2-2.6.0-3.fc36

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. This includes support for JSON Web Encryption, JSON Web Signature, and JSON Web Token standards...

9.3 CVSS | 8.2 AI score | 0.05994 EPSS
Exploits 4
CNNVD
added 2021/04/16 12:0 a.m. | 4 views

jose-browser-runtime security vulnerability

npm jose-browser-runtime is an application from the US company npm. Generic "JSON Web almost everything" - JWA, JWS, JWE, JWT, JWK using native encryption runtime without dependencies. A security vulnerability exists in jose-browser-runtime, which stems from the possibility of a noticeable time...

5.9 CVSS | 7 AI score | 0.01238 EPSS
Exploits 0 | References 3
ThreatPost
added 2017/03/15 11:46 a.m. | 15 views

JSON Libraries Patched Against Invalid Curve Crypto Attack

A number of JSON libraries using the JSON Web Encryption specification (JWE) to create, sign and encrypt access tokens have been patched against an attack that allows for the recovery of a private key. Researcher Antonio Sanso of Adobe said the go-jose, node-jose, jose2go, Nimbus JOSE+JWT and jose4...

0.3 AI score
Exploits 0 | References 6
Hacker One
added 2017/03/14 4:15 p.m. | 32 views

Internet Bug Bounty: Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack

We found an issue in the JWE specification where it fails to warn the implementers about Invalid Curve attack. We found several libraries to be vulnerable: node-jose, jose2go, Nimbus JOSE+JWT and jose4j and in the process of filing an errata for the RFC. We report the vulnerabilities to the...

7 AI score
Exploits 0
Into the symmetry
added 2017/03/13 6:44 p.m. | 94 views

Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516

tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption (JWE) hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...

7.1 AI score
Exploits 0