VYPR

jose4j

by jose4j

CVEs (3)

  • CVE-2024-29371Dec 17, 2025
    risk 0.00cvss epss 0.00

    In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and…

  • CVE-2023-51775Dec 25, 2023
    risk 0.00cvss epss 0.01

    The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

  • CVE-2023-31582Oct 24, 2023
    risk 0.00cvss epss 0.01

    jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.