CVE-2023-25653
- EPSS 0.36%
- Veröffentlicht 16.02.2023 19:15:14
- Zuletzt bearbeitet 21.11.2024 07:49:52
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can tri...
CVE-2017-16007
- EPSS 0.26%
- Veröffentlicht 04.06.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 03:15:39
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to re...
CVE-2018-0114
- EPSS 84.69%
- Veröffentlicht 04.01.2018 06:29:00
- Zuletzt bearbeitet 21.11.2024 03:37:32
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Sig...