org.bitbucket.b_c:jose4j@0.7.3 vulnerabilities
-
latest version
0.9.6
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
2 months ago
-
licenses detected
- [0.3.6,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.bitbucket.b_c:jose4j package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.bitbucket.b_c:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc... Affected versions of this package are vulnerable to Denial of Service (DoS) via a large How to fix Denial of Service (DoS)? Upgrade |
[,0.9.4)
|
org.bitbucket.b_c:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc... Affected versions of this package are vulnerable to Inadequate Encryption Strength through the iteration count setting, which can reduce the computational effort required to crack the encryption if it is set to a low value. How to fix Inadequate Encryption Strength? Upgrade |
[,0.9.3)
|
org.bitbucket.b_c:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc... Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm due to using How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade |
[,0.9.3)
|