Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.3
Type maven
Namespace org.bitbucket.b_c
Name jose4j
Version 0.6.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 0.9.6
Latest_non_vulnerable_version 0.9.6
Affected_by_vulnerabilities
0
url VCID-8mj8-rxf8-qyau
vulnerability_id VCID-8mj8-rxf8-qyau
summary
jose4j is vulnerable to DoS via compressed JWE content
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05185
published_at 2026-04-11T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05099
published_at 2026-04-16T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05156
published_at 2026-04-13T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05114
published_at 2026-04-02T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05143
published_at 2026-04-04T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05165
published_at 2026-04-07T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05198
published_at 2026-04-08T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05216
published_at 2026-04-09T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05169
published_at 2026-04-12T12:55:00Z
9
value 0.00023
scoring_system epss
scoring_elements 0.06067
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
2
reference_url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
3
reference_url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T18:38:20Z/
url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
4
reference_url https://bitbucket.org/b_c/jose4j/wiki/Home
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/wiki/Home
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
reference_id 2423194
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
reference_id CVE-2024-29371
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
8
reference_url https://github.com/advisories/GHSA-3677-xxcr-wjqv
reference_id GHSA-3677-xxcr-wjqv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3677-xxcr-wjqv
9
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
10
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
11
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
12
reference_url https://access.redhat.com/errata/RHSA-2025:17299
reference_id RHSA-2025:17299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17299
fixed_packages
0
url pkg:maven/org.bitbucket.b_c/jose4j@0.9.6
purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.6
aliases CVE-2024-29371, GHSA-3677-xxcr-wjqv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mj8-rxf8-qyau
1
url VCID-h1az-byzj-z3gq
vulnerability_id VCID-h1az-byzj-z3gq
summary
Chosen Ciphertext Attack in Jose4j
RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows an attacker to decrypt RSA1_5 or RSA_OAEP encrypted ciphertexts. It may be feasible to sign with affected keys.
references
0
reference_url https://bitbucket.org/b_c/jose4j/commits/14e62a8dee9decb4ff6e0625aedc5724601bfdb6
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/14e62a8dee9decb4ff6e0625aedc5724601bfdb6
1
reference_url https://bitbucket.org/b_c/jose4j/commits/63b86581e7bfcc2d9d04ee15caea4b5bfb911f59
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/63b86581e7bfcc2d9d04ee15caea4b5bfb911f59
2
reference_url https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.3
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/tag/jose4j-0.9.3
3
reference_url https://github.com/google/security-research
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/security-research
4
reference_url https://github.com/advisories/GHSA-jgvc-jfgh-rjvv
reference_id GHSA-jgvc-jfgh-rjvv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jgvc-jfgh-rjvv
5
reference_url https://github.com/google/security-research/security/advisories/GHSA-jgvc-jfgh-rjvv
reference_id GHSA-jgvc-jfgh-rjvv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/google/security-research/security/advisories/GHSA-jgvc-jfgh-rjvv
fixed_packages
0
url pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mj8-rxf8-qyau
1
vulnerability VCID-wfmh-pkck-yfb3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
aliases GHSA-jgvc-jfgh-rjvv, GMS-2023-1246
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1az-byzj-z3gq
2
url VCID-nuak-t68p-tuhr
vulnerability_id VCID-nuak-t68p-tuhr
summary
jose4j uses weak cryptographic algorithm
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31582.json
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31582.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31582
reference_id
reference_type
scores
0
value 0.00167
scoring_system epss
scoring_elements 0.37894
published_at 2026-04-13T12:55:00Z
1
value 0.00167
scoring_system epss
scoring_elements 0.37878
published_at 2026-04-07T12:55:00Z
2
value 0.00167
scoring_system epss
scoring_elements 0.3792
published_at 2026-04-18T12:55:00Z
3
value 0.00167
scoring_system epss
scoring_elements 0.37956
published_at 2026-04-11T12:55:00Z
4
value 0.00167
scoring_system epss
scoring_elements 0.3794
published_at 2026-04-16T12:55:00Z
5
value 0.00167
scoring_system epss
scoring_elements 0.37928
published_at 2026-04-08T12:55:00Z
6
value 0.00167
scoring_system epss
scoring_elements 0.37974
published_at 2026-04-02T12:55:00Z
7
value 0.00167
scoring_system epss
scoring_elements 0.37999
published_at 2026-04-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31582
2
reference_url https://bitbucket.org/b_c/jose4j
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j
3
reference_url https://bitbucket.org/b_c/jose4j/commits/1929fe3
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/1929fe3
4
reference_url https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:37:16Z/
url https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:37:16Z/
url https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md
7
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054872
reference_id 1054872
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054872
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246370
reference_id 2246370
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246370
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31582
reference_id CVE-2023-31582
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31582
10
reference_url https://github.com/advisories/GHSA-7g24-qg88-p43q
reference_id GHSA-7g24-qg88-p43q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7g24-qg88-p43q
11
reference_url https://access.redhat.com/errata/RHSA-2023:7678
reference_id RHSA-2023:7678
reference_type
scores
url https://access.redhat.com/errata/RHSA-2023:7678
fixed_packages
0
url pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mj8-rxf8-qyau
1
vulnerability VCID-wfmh-pkck-yfb3
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
aliases CVE-2023-31582, GHSA-7g24-qg88-p43q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuak-t68p-tuhr
3
url VCID-wfmh-pkck-yfb3
vulnerability_id VCID-wfmh-pkck-yfb3
summary
jose4j denial of service via specifically crafted JWE
The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51775.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-51775.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-51775
reference_id
reference_type
scores
0
value 0.00429
scoring_system epss
scoring_elements 0.62541
published_at 2026-04-18T12:55:00Z
1
value 0.00429
scoring_system epss
scoring_elements 0.62442
published_at 2026-04-02T12:55:00Z
2
value 0.00429
scoring_system epss
scoring_elements 0.62473
published_at 2026-04-04T12:55:00Z
3
value 0.00429
scoring_system epss
scoring_elements 0.6244
published_at 2026-04-07T12:55:00Z
4
value 0.00429
scoring_system epss
scoring_elements 0.62491
published_at 2026-04-08T12:55:00Z
5
value 0.00429
scoring_system epss
scoring_elements 0.62507
published_at 2026-04-09T12:55:00Z
6
value 0.00429
scoring_system epss
scoring_elements 0.62526
published_at 2026-04-11T12:55:00Z
7
value 0.00429
scoring_system epss
scoring_elements 0.62515
published_at 2026-04-12T12:55:00Z
8
value 0.00429
scoring_system epss
scoring_elements 0.62493
published_at 2026-04-13T12:55:00Z
9
value 0.00429
scoring_system epss
scoring_elements 0.62534
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-51775
2
reference_url https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/1afaa1e174b3
3
reference_url https://bitbucket.org/b_c/jose4j/issues/212
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-01T18:51:39Z/
url https://bitbucket.org/b_c/jose4j/issues/212
4
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-51775
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-51775
6
reference_url https://security.netapp.com/advisory/ntap-20241108-0002
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20241108-0002
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2266921
reference_id 2266921
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2266921
8
reference_url https://github.com/advisories/GHSA-6qvw-249j-h44c
reference_id GHSA-6qvw-249j-h44c
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qvw-249j-h44c
9
reference_url https://access.redhat.com/errata/RHSA-2024:3550
reference_id RHSA-2024:3550
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:3550
fixed_packages
0
url pkg:maven/org.bitbucket.b_c/jose4j@0.9.4
purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-8mj8-rxf8-qyau
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.4
aliases CVE-2023-51775, GHSA-6qvw-249j-h44c
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wfmh-pkck-yfb3
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.3