You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK).
It is written in Java and relies solely on the JCA APIs for cryptography.
Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..
Path to dependency file: /data-prepper-plugins/kafka-plugins/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bitbucket.b_c/jose4j/0.9.3/9670e11587194cb6b1b2edcaa688a3fab85b4148/jose4j-0.9.3.jar
Updates transitive dependencies to resolve CVE-2023-51775, CVE-2024-23944, CVE-2023-52428. Move some constraints such that they are only in the projects needing them. Resolves#4282, #4290, #4296.
Signed-off-by: David Venable <dlv@amazon.com>
CVE-2023-51775 - High Severity Vulnerability
Vulnerable Library - jose4j-0.9.3.jar
The jose.4.j library is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/b_c/jose4j/wiki/Home for more info, examples, etc..
Library home page: https://bitbucket.org/b_c/jose4j/
Path to dependency file: /data-prepper-plugins/kafka-plugins/build.gradle
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.bitbucket.b_c/jose4j/0.9.3/9670e11587194cb6b1b2edcaa688a3fab85b4148/jose4j-0.9.3.jar
Dependency Hierarchy:
Found in HEAD commit: 8827ebf9e6d6c55ade13e9cf7a6e39bc507c5afd
Found in base branch: main
Vulnerability Details
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
Publish Date: 2024-02-29
URL: CVE-2023-51775
CVSS 3 Score Details (7.5)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://www.cve.org/CVERecord?id=CVE-2023-51775
Release Date: 2024-02-29
Fix Resolution: 0.9.4
The text was updated successfully, but these errors were encountered: