Lucene search
K

4 matches found

OSV
OSV
added 2022/09/16 5:44 p.m.1 views

GHSA-JV3G-J58F-9MQ9 JOSE vulnerable to resource exhaustion via specifically crafted JWE

The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...

5.3CVSS7.2AI score0.01071EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/09/16 5:44 p.m.55 views

JOSE vulnerable to resource exhaustion via specifically crafted JWE

The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determines how many PBKDF2 iterations must be executed in order to derive a CEK wrapping key. The purpose of this parameter is to intentionally slow down the key derivation function in order...

5.3CVSS6.1AI score0.01071EPSS
Exploits1References5Affected Software4
Prion
Prion
added 2022/09/07 10:15 p.m.19 views

Default credentials

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5CVSS5.5AI score0.01071EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2022/09/07 9:55 p.m.45 views

CVE-2022-36083

JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JOSE Header Parameter named p2c PBES2 Count, which determine...

5.3CVSS6.1AI score0.01071EPSS
Exploits1
Rows per page
Query Builder