3 results (0.005 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for web browsers and node.js-based servers. Prior to version 2.2.0, when using the non-default "fallback" crypto back-end, ECC operations in `node-jose` can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered by malicious input. The issue has been patched in version 2.2.0. Since this issue is only present in the "fallback" crypto implementation, it can be avoided by ensuring that either WebCrypto or the Node `crypto` module is available in the JS environment where `node-jose` is being run. • https://github.com/cisco/node-jose/commit/901d91508a70e3b9bdfc45688ea07bb4e1b8210d https://github.com/cisco/node-jose/security/advisories/GHSA-5h4j-qrvg-9xhw • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •

CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 1

node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used. node-jose es una implementación de JavaScript de JSON Object Signing and Encryption (JOSE) para los navegadores web actuales y los servidores basados en node.js. node-jose en versiones anteriores a la 0.9.3 es vulnerable a un ataque de curva inválida. Esto permite que un atacante recupere la clave privada secreta cuando se emplea JWE con ECDH-ES (Elliptic Curve Diffie-Hellman Ephemeral Static). • http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html https://gist.github.com/asanso/fa25685348051ef6a28d49aa0f27a4ae https://github.com/cisco/node-jose https://nodesecurity.io/advisories/324 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 10

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the JSON Web Signature (JWS) standard for JSON Web Tokens (JWTs). This standard specifies that a JSON Web Key (JWK) representing a public key can be embedded within the header of a JWS. This public key is then trusted for verification. An attacker could exploit this by forging valid JWS objects by removing the original signature, adding a new public key to the header, and then signing the object using the (attacker-owned) private key associated with the public key embedded in that JWS header. • https://www.exploit-db.com/exploits/44324 https://github.com/zi0Black/POC-CVE-2018-0114 https://github.com/j4k0m/CVE-2018-0114 https://github.com/scumdestroy/CVE-2018-0114 https://github.com/Eremiel/CVE-2018-0114 https://github.com/adityathebe/POC-CVE-2018-0114 https://github.com/Logeirs/CVE-2018-0114 https://github.com/Starry-lord/CVE-2018-0114 https://github.com/mmeza-developer/CVE-2018-0114 https://github.com/CyberSecurityUP/CVE-2018-0114-Exploit http://www&# • CWE-347: Improper Verification of Cryptographic Signature •