Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.3
Next non-vulnerable version 0.9.6
Latest non-vulnerable version 0.9.6
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-8mj8-rxf8-qyau
Aliases:
CVE-2024-29371
GHSA-3677-xxcr-wjqv
jose4j is vulnerable to DoS via compressed JWE content In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
0.9.6
Affected by 0 other vulnerabilities.
VCID-wfmh-pkck-yfb3
Aliases:
CVE-2023-51775
GHSA-6qvw-249j-h44c
jose4j denial of service via specifically crafted JWE The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.
0.9.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-h1az-byzj-z3gq Chosen Ciphertext Attack in Jose4j RSA1_5 in jose4j is susceptible to chosen ciphertext attacks. The attack allows to decrypt RSA1_5 or RSA_OAEP encrypted ciphertexts. It may be feasible to sign with affected keys. GHSA-jgvc-jfgh-rjvv
GMS-2023-1246
VCID-nuak-t68p-tuhr jose4j uses weak cryptographic algorithm jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less. CVE-2023-31582
GHSA-7g24-qg88-p43q

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-17T00:03:25.749483+00:00 GitLab Importer Affected by VCID-8mj8-rxf8-qyau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2024-29371.yml 38.4.0
2026-04-16T22:52:48.759809+00:00 GitLab Importer Affected by VCID-wfmh-pkck-yfb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-51775.yml 38.4.0
2026-04-16T22:41:48.709444+00:00 GitLab Importer Fixing VCID-nuak-t68p-tuhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-31582.yml 38.4.0
2026-04-16T22:28:24.382110+00:00 GitLab Importer Fixing VCID-h1az-byzj-z3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/GMS-2023-1246.yml 38.4.0
2026-04-12T01:26:28.837509+00:00 GitLab Importer Affected by VCID-8mj8-rxf8-qyau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2024-29371.yml 38.3.0
2026-04-12T00:11:21.246892+00:00 GitLab Importer Affected by VCID-wfmh-pkck-yfb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-51775.yml 38.3.0
2026-04-12T00:01:19.623751+00:00 GitLab Importer Fixing VCID-nuak-t68p-tuhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-31582.yml 38.3.0
2026-04-11T23:46:52.438530+00:00 GitLab Importer Fixing VCID-h1az-byzj-z3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/GMS-2023-1246.yml 38.3.0
2026-04-03T01:35:08.877045+00:00 GitLab Importer Affected by VCID-8mj8-rxf8-qyau https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2024-29371.yml 38.1.0
2026-04-03T00:17:26.920010+00:00 GitLab Importer Affected by VCID-wfmh-pkck-yfb3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-51775.yml 38.1.0
2026-04-03T00:04:22.483680+00:00 GitLab Importer Fixing VCID-nuak-t68p-tuhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-31582.yml 38.1.0
2026-04-02T23:50:20.302288+00:00 GitLab Importer Fixing VCID-h1az-byzj-z3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/GMS-2023-1246.yml 38.1.0
2026-04-02T17:00:35.427718+00:00 GHSA Importer Fixing VCID-nuak-t68p-tuhr https://github.com/advisories/GHSA-7g24-qg88-p43q 38.1.0
2026-04-02T16:59:26.937707+00:00 GHSA Importer Fixing VCID-h1az-byzj-z3gq https://github.com/advisories/GHSA-jgvc-jfgh-rjvv 38.1.0
2026-04-01T12:57:37.764858+00:00 GithubOSV Importer Fixing VCID-h1az-byzj-z3gq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-jgvc-jfgh-rjvv/GHSA-jgvc-jfgh-rjvv.json 38.0.0
2026-04-01T12:57:22.257246+00:00 GithubOSV Importer Fixing VCID-nuak-t68p-tuhr https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-7g24-qg88-p43q/GHSA-7g24-qg88-p43q.json 38.0.0
2026-04-01T12:52:02.270931+00:00 GitLab Importer Fixing VCID-nuak-t68p-tuhr https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/CVE-2023-31582.yml 38.0.0
2026-04-01T12:51:13.887923+00:00 GitLab Importer Fixing VCID-h1az-byzj-z3gq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.bitbucket.b_c/jose4j/GMS-2023-1246.yml 38.0.0