Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/12/05 7:24 p.m.6 views

CVE-2025-65945

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS6.1AI score0.002EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/12/04 6:45 p.m.2 views

CVE-2025-65945 auth0/node-jws improper HMAC signature verification vulnerability

auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the...

7.5CVSS6.2AI score0.002EPSS
Exploits1References2
OSV
OSV
added 2024/03/09 1:15 a.m.10 views

AZL-35887 CVE-2024-28180 affecting package moby-containerd-cc for versions less than 1.7.7-6

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
OSV
OSV
added 2024/03/09 1:15 a.m.5 views

AZL-35875 CVE-2024-28180 affecting package cert-manager for versions less than 1.12.12-1

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if t...

4.3CVSS6.4AI score0.01956EPSS
Exploits0References1
Rows per page
Query Builder