jose

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting josepage 1 of 1

CVE-2021-29443MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.11.4
2021-04-16
jose is an npm library providing a number of cryptographic operations. In vulnerable versions AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decr…
CVE-2022-36083MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.9.2
2022-09-07
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JO…
CVE-2024-28176MEDIUMCVSS 4.9EG 4.9✓ Fixed in 2.0.7
2024-03-09
jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has …

Check whether jose is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jose CVEs against the assets you own.

Start Free Scan →