node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-06-04T19:00:00Z
Updated: 2024-09-16T18:23:49.490Z
Reserved: 2017-10-29T00:00:00
Link: CVE-2017-16007
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-06-04T19:29:00.617
Modified: 2024-11-21T03:15:39.300
Link: CVE-2017-16007
Redhat
No data.