Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.10 views

CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS6.9AI score0.01112EPSS
Exploits1
IBM Security Bulletins
IBM Security Bulletins
added 2025/03/20 5:8 p.m.33 views

Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management

Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for Multicloud Management version 2.3 Fix Pack 10 Vulnerability Details CVEID:CVE-2024-28176 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by a flaw during JWE Decryption operations. By sending a...

7.5CVSS10AI score0.99298EPSS
Exploits13Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/09/30 1:43 p.m.39 views

Security Bulletin: Vulnerability in the Node.js jose module affects IBM Event Streams (CVE-2022-36083)

Summary This security vulnerability affects the Node.js jose module that is used by IBM Event Streams. Vulnerability Details CVEID:CVE-2022-36083 DESCRIPTION: Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request usin...

5.3CVSS5.5AI score0.01112EPSS
Exploits1Affected Software1
vulnersOsv
vulnersOsv
added 2022/09/16 5:44 p.m.4 views

0xble (=14.1.0), 10minions-engine (>=0.0.1 <=0.0.4) +7441 more potentially affected by CVE-2022-36083 via jose (>=4.0.3 <=4.9.1)

jose NPM version =4.0.3, =0.0.1, =1.0.0, =0.1.0, =1.0.22, =0.1.0, =0.1.1, =0.0.1, =0.4.0, =0.4.0, =1.0.2, =1.0.0, =0.0.1, =1.1.4, =1.1.24 and more Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

5.3CVSS6.5AI score0.01112EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/09/16 5:44 p.m.7 views

@netceterapx/click-to-pay-embedded-sdk (>=0.0.1 <=1.0.5), postman-helper (>=1.0.0 <=1.0.2) potentially affected by CVE-2022-36083 via jose-browser-runtime (>=4.15.5 <=4.1.2)

jose-browser-runtime NPM version =4.15.5, =0.0.1, =1.0.0, =1.0.2 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

5.3CVSS6.6AI score0.01112EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/09/16 5:44 p.m.5 views

@dci-lint/cmd-api-server (>=0.3.0 <=0.4.0), @dci-lint/test-api-client (>=0.3.0 <=0.4.0) +46 more potentially affected by CVE-2022-36083 via jose (>=1.18.1 <=1.28.1)

jose NPM version =1.18.1, =0.3.0, =0.3.0, =0.3.0, =0.10.0-unstable.2b529f0, =0.6.1, =0.6.3, =0.6.3, =0.6.4, =0.6.3, =0.6.9, =0.6.1, =0.6.3, =0.6.3, =0.6.3, =0.6.5, =0.9.4 and more Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

5.3CVSS6.6AI score0.01112EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2022/09/16 5:44 p.m.8 views

@teachbase/utils (=1.0.1) potentially affected by CVE-2022-36083 via jose-browser-runtime (=3.16.1)

jose-browser-runtime NPM version =3.16.1 is affected by a known vulnerability. The following packages have a transitive dependency on jose-browser-runtime and may be impacted: - @teachbase/utils =1.0.1 Source cves: CVE-2022-36083 Source advisory: OSV:GHSA-JV3G-J58F-9MQ9...

5.3CVSS6.6AI score0.01112EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2022/09/07 9:55 p.m.6 views

CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS5.6AI score0.01112EPSS
Exploits1References3
Cvelist
Cvelist
added 2022/09/07 9:55 p.m.33 views

CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS5.5AI score0.01112EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2022/09/07 9:55 p.m.47 views

CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS6.1AI score0.01112EPSS
Exploits1
Rows per page
Query Builder