CVE-2023-51775

The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVE-2023-31582

jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.