Headline
GHSA-7g24-qg88-p43q: jose4j uses weak cryptographic algorithm
jose4j before v0.9.3 allows attackers to set a low PBES2 iteration count of 1000 or less.
jose4j uses weak cryptographic algorithm
Moderate severity GitHub Reviewed Published Oct 25, 2023 to the GitHub Advisory Database • Updated Oct 27, 2023
Related news
Red Hat Security Advisory 2023-7678-03 - Red Hat AMQ Streams 2.6.0 is now available from the Red Hat Customer Portal. Issues addressed include XML injection, bypass, and open redirection vulnerabilities.
Red Hat Security Advisory 2023-7676-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a man-in-the-middle vulnerability.