All 5 CVE vulnerabilities found in jose, with AI-generated Chinese analysis, references, and POCs.
Vendor: panva
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34240 | jose vulnerable to untrusted JWK header key acceptance during signature verification CWE-347 | 7.5 | High | 2026-03-31 |
| CVE-2024-28176 | jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext CWE-400 | 4.9 | Medium | 2024-03-09 |
| CVE-2022-36083 | JOSE vulnerable to resource exhaustion via specifically crafted JWE CWE-400 | 5.3 | Medium | 2022-09-07 |
| CVE-2021-29444 | Padding Oracle Attack due to Observable Timing Discrepancy in jose-browser-runtime CWE-203 | 5.9 | Medium | 2021-04-16 |
| CVE-2021-29443 | Padding Oracle Attack due to Observable Timing Discrepancy in jose CWE-203 | 5.9 | Medium | 2021-04-16 |
All 5 known CVE vulnerabilities affecting jose with full Chinese analysis, references, and POCs where available.