CVE-2024-28180
- EPSS 3.64%
- Veröffentlicht 09.03.2024 01:15:07
- Zuletzt bearbeitet 03.12.2025 20:29:36
Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or Decrypt...
CVE-2016-9121
- EPSS 0.51%
- Veröffentlicht 28.03.2017 02:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
go-jose before 1.0.4 suffers from an invalid curve attack for the ECDH-ES algorithm. When deriving a shared key using ECDH-ES for an encrypted message, go-jose neglected to check that the received public key on a message is on the same curve as the s...
CVE-2016-9122
- EPSS 0.31%
- Veröffentlicht 28.03.2017 02:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
go-jose before 1.0.4 suffers from multiple signatures exploitation. The go-jose library supports messages with multiple signatures. However, when validating a signed message the API did not indicate which signature was valid, which could potentially ...
CVE-2016-9123
- EPSS 0.27%
- Veröffentlicht 28.03.2017 02:59:00
- Zuletzt bearbeitet 20.04.2025 01:37:25
go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit architectures. An integer overflow could lead to authentication bypass for CBC-HMAC encrypted ciphertexts on 32-bit architectures.