Lucene search
Node-Jose Security Vulnerabilities - 2018
cve
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Ag...
5.9CVSS
5.8AI Score
0.002EPSS
2018-06-04 07:29 PM
43
cve
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs)....
7.5CVSS
7.4AI Score
0.024EPSS
2018-01-04 06:29 AM
101
9