VYPR

Jose

by Appsup Dart

Source repositories

CVEs (2)

  • CVE-2026-34240HigMar 31, 2026
    risk 0.42cvss 7.5epss 0.00

    JOSE is a Javascript Object Signing and Encryption (JOSE) library. Prior to version 0.3.5+1, a vulnerability in jose could allow an unauthenticated, remote attacker to forge valid JWS/JWT tokens by using a key embedded in the JOSE header (jwk). The vulnerability exists because…

  • CVE-2023-50967Mar 20, 2024
    risk 0.00cvss epss 0.01

    latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.