36 matches found
PT-2026-22699
Name of the Vulnerable Software and Affected Versions joserfc versions 1.6.2 and earlier Description joserfc is a Python library implementing JSON Object Signing and Encryption JOSE standards. A resource exhaustion issue in joserfc can lead to a Denial of Service DoS through CPU exhaustion. When...
MiracleLinux 9 : buildah-1.33.7-2.el9_4 (AXSA:2024-8286:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8286:05 advisory. golang: net/http: memory exhaustion in Request.ParseMultipartForm CVE-2023-45290 jose-go: improper handling of highly compressed data CVE-2024-28180...
MiracleLinux 9 : podman-4.9.4-4.el9_4 (AXSA:2024-8285:05)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8285:05 advisory. The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods...
PT-2025-51835
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
EUVD-2024-0938
Malicious code in bioql PyPI...
EUVD-2022-6862
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2024-28176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JS...
SUSE CVE-2024-28176
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...
jose: resource exhaustion
Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service...
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).
Summary IBM Event Streams is vulnerable to a denial of service due to the jose module component, caused by a flaw during JWE Decryption operations. Jose module is a javaScript implementation of the JSON Object Signing and Encryption JOSE for current web browsers and node. js-based servers...
CVE-2024-28176
Jose was found to have an uncontrolled resource consumption vulnerability. Under certain conditions, the user's environment can consume an unreasonable amount of CPU time or memory during JWE decryption operations, leading to a denial of service. Mitigation Mitigation for this issue is either not...
Code injection
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...
CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens JWT, JSON Web Signature JWS, JSON Web Encryption JWE, JSON Web Key JWK, JSON Web Key Set JWKS, and more. A vulnerability has been identified in the JSON Web Encryption JWE decryption interfaces...
DEBIAN-CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
Default credentials
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...
CVE-2022-36083 JOSE vulnerable to resource exhaustion via specifically crafted JWE
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...