Lucene search

Jose-php Project Security Vulnerabilities

cve

CVE-2016-5431

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted...

7.5CVSS

7.4AI Score

0.001EPSS

2019-08-07 03:15 PM

cve

CVE-2016-5430

The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack...

5.3CVSS

5.1AI Score

0.001EPSS

2016-09-03 08:59 PM

cve

CVE-2016-5429

jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and...

3.7CVSS

4.1AI Score

0.002EPSS

2016-09-03 08:59 PM