10 matches found
CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...
Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)
Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...
0xble (=14.1.0), 10minions-engine (>=0.0.1 <=0.0.4) +7441 more potentially affected by CVE-2022-36083 via jose (>=4.0.3 <=4.9.1)
jose NPM version =4.0.3, =0.0.1, =1.0.0, =0.1.0, =1.0.22, =0.1.0, =0.1.1, =0.0.1, =0.4.0, =0.4.0, =1.0.2, =1.0.0, =0.0.1, =1.1.4, =1.1.24 and more Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...
@netceterapx/click-to-pay-embedded-sdk (>=0.0.1 <=1.0.5), postman-helper (>=1.0.0 <=1.0.2) potentially affected by CVE-2022-36083 via jose-browser-runtime (>=4.15.5 <=4.1.2)
jose-browser-runtime NPM version =4.15.5, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...
@dci-lint/cmd-api-server (>=0.3.0 <=0.4.0), @dci-lint/test-api-client (>=0.3.0 <=0.4.0) +46 more potentially affected by CVE-2022-36083 via jose (>=1.18.1 <=1.28.1)
jose NPM version =1.18.1, =0.3.0, =0.3.0, =0.3.0, =0.10.0-unstable.2b529f0, =0.6.1, =0.6.3, =0.6.3, =0.6.4, =0.6.3, =0.6.9, =0.6.1, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.9.4 and more Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...
@teachbase/utils (=1.0.1) potentially affected by CVE-2022-36083 via jose-browser-runtime (=3.16.1)
jose-browser-runtime NPM version =3.16.1 is affected by a known vulnerability. The following packages have a transitive dependency on jose-browser-runtime and may be impacted: - @teachbase/utils =1.0.1 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...
CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...