14 matches found
SUSE CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204
A flaw was found in SimpleJWT, a PHP library for JSON Web Tokens. An unauthenticated attacker can exploit this vulnerability by tampering with JSON Web Encryption JWE headers when Password-Based Key Derivation Function 2 PBES2 algorithms are in use. This can lead to a Denial of Service DoS if an...
CVE-2026-33204
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
CVE-2026-33204 SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are...
SimpleJWT 资源管理错误漏洞
SimpleJWT is a JSON Web Token library written in PHP by Kelvin Mo as a personal project. Versions of SimpleJWT prior to 1.1.1 contained a resource management vulnerability. This vulnerability arises from the use of the PBES2 algorithm, allowing unauthenticated attackers to perform denial-of-servi...
SimpleJWT has an Unauthenticated Denial of Service via JWE header tampering
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
PT-2026-26212
Summary An unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt on attacker-controlled JWEs using PBES2 algorithms are affected. Details PHP version: PHP 8.4.11 SimpleJWT version: v1.1.0 The relevant...
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...
GHSA-GVPG-VGMX-XG6W Denial of Service in Connect2id Nimbus JOSE+JWT
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
CVE-2023-52428
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service resource consumption via a large JWE p2c header value aka iteration count for the PasswordBasedDecrypter PBKDF2 component...
PT-2024-3099 · Atlassian +1 · Confluence Data Center/Server +4
Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE+JWT versions prior to 9.37.2 Confluence Data Center and Server versions prior to 7.19.23 Confluence Data Center and Server versions prior to 8.5.11 Confluence Data Center and Server versions prior to 8.6.2 Confluence Da...
UBUNTU-CVE-2022-36083
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...