3 matches found
The vulnerability of the implementation of the JSON Web Encryption (JWE) standard RFC 7516 in the Ruby programming language allows a perpetrator to disclose and modify the protected information.
The vulnerability of the JSON Web Encryption JWE RFC 7516 standard implementation in the Ruby programming language is related to improper verification of data integrity. Exploiting this vulnerability could allow an attacker to disclose and modify the protected information...
GHSA-RM8V-MXJ3-5RMQ github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Summary Decrypting AES-CBC encrypted JWE has Potential Padding Oracle Attack Vulnerability. Details On v2.0.10, decrypting AES-CBC encrypted JWE may return an error "failed to generate plaintext from decrypted blocks: invalid padding":...
Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516
tl;dr if you are using go-jose, node-jose, jose2go, Nimbus JOSE+JWT or jose4j with ECDH-ES please update to the latest version. RFC 7516 aka JSON Web Encryption JWE hence many software libraries implementing this specification used to suffer from a classic Invalid Curve Attack. This would allow a...