rpm package

almalinux/jose

pkg:rpm/almalinux/jose

Vulnerabilities (2)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2023-50967		—		< 10-2.el8_10.3	10-2.el8_10.3	Mar 20, 2024	latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2024-28176		—		< 10-2.el8_10.3	10-2.el8_10.3	Mar 9, 2024	jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encrypt

CVE-2023-50967Mar 20, 2024
affected < 10-2.el8_10.3fixed 10-2.el8_10.3
latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
CVE-2024-28176Mar 9, 2024
affected < 10-2.el8_10.3fixed 10-2.el8_10.3
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encrypt