VYPR

Pub (Dart) package

jose

pkg:pub/jose

Vulnerabilities (1)

  • CVE-2026-34240HigMar 31, 2026
    affected < 0.3.5+1fixed 0.3.5+1

    JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because ke