
CVSS: 7.8 • EPSS: 0% • CPEs: 3 • EXPL: 0

25 Dec 2023 — The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value. A flaw was found in the jose.4.j (jose4j) library. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parame... • https://bitbucket.org/b_c/jose4j/issues/212 • CWE-400: Uncontrolled Resource Consumption

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Oct 2023 — jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. A flaw was found in Jose4J which allows a malicious user or internal person to erroneously set a low iteration count of 1000 or less to secure the JSON Web Token. This could apply to lack of entropy and leave the system less secure. • https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then • CWE-331: Insufficient Entropy