0.001 Low
EPSS
Percentile
51.3%
jose is vulnerable to padding oracle attack. A possible observable difference in timing when padding error occurs while decrypting the ciphertext allows an attacker to obtain the plaintext data without knowledge of the decryption key.
github.com/advisories/GHSA-58f5-hfqc-jgch
github.com/panva/jose/security/advisories/GHSA-58f5-hfqc-jgch
www.npmjs.com/advisories/1661
www.npmjs.com/package/jose