jose-browser-runtime

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting jose-browser-runtimepage 1 of 1

CVE-2021-29444MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.11.4
2021-04-16
jose-browser-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC …
CVE-2022-36083MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.9.2
2022-09-07
JOSE is "JSON Web Almost Everything" - JWA, JWS, JWE, JWT, JWK, JWKS with no dependencies using runtime's native crypto in Node.js, Browser, Cloudflare Workers, Electron, and Deno. The PBKDF2-based JWE key management algorithms expect a JO…

Check whether jose-browser-runtime is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for jose-browser-runtime CVEs against the assets you own.

Start Free Scan →