jose4j
by jose4j
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-29371 | | | 0.00 | — | 0.00 | | Dec 17, 2025 | In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and… |
| CVE-2023-51775 | | | 0.00 | — | 0.01 | | Dec 25, 2023 | The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. |
| CVE-2023-31582 | | | 0.00 | — | 0.01 | | Oct 24, 2023 | jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. |