Maven package
org.bitbucket.b_c/jose4j
pkg:maven/org.bitbucket.b_c/jose4j
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29371 | — | | | < 0.9.6 | 0.9.6 | Dec 17, 2025 | In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and proc |
| CVE-2023-51775 | — | | | < 0.9.4 | 0.9.4 | Dec 25, 2023 | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. |
| CVE-2023-31582 | — | | | < 0.9.3 | 0.9.3 | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. |