node-jose

npm3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting node-josepage 1 of 1

CVE-2017-16007MEDIUMCVSS 5.9✓ Fixed in 0.9.3
2018-06-04
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an att…
CVE-2018-0114HIGHCVSS 7.5✓ Fixed in 0.11.0
2018-01-04
A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the J…
CVE-2023-25653HIGHCVSS 7.5EG 7.5✓ Fixed in 2.2.0
2023-02-16
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jo…

Check whether node-jose is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for node-jose CVEs against the assets you own.

Start Free Scan →