Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nuak-t68p-tuhr

Summary

jose4j uses weak cryptographic algorithm
jose4j before v0.9.3 allows attackers to set a low iteration count of 1000 or less.

Aliases

alias	CVE-2023-31582

alias	GHSA-7g24-qg88-p43q

Fixed_packages

url	pkg:deb/debian/libjose4j-java@0.7.12-2?distro=trixie
purl	pkg:deb/debian/libjose4j-java@0.7.12-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjose4j-java@0.7.12-2%3Fdistro=trixie

url	pkg:deb/debian/libjose4j-java@0.9.6-1?distro=trixie
purl	pkg:deb/debian/libjose4j-java@0.9.6-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/libjose4j-java@0.9.6-1%3Fdistro=trixie

url pkg:maven/org.bitbucket.b_c/jose4j@0.9.3

purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.3

Affected_packages

url pkg:maven/org.bitbucket.b_c/jose4j@0.3.6

purl pkg:maven/org.bitbucket.b_c/jose4j@0.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-qmy2-2q3f-7kar

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.3.6

url pkg:maven/org.bitbucket.b_c/jose4j@0.3.7

purl pkg:maven/org.bitbucket.b_c/jose4j@0.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.3.7

url pkg:maven/org.bitbucket.b_c/jose4j@0.3.8

purl pkg:maven/org.bitbucket.b_c/jose4j@0.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.3.8

url pkg:maven/org.bitbucket.b_c/jose4j@0.3.9

purl pkg:maven/org.bitbucket.b_c/jose4j@0.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.3.9

url pkg:maven/org.bitbucket.b_c/jose4j@0.4.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.4.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.4.1

purl pkg:maven/org.bitbucket.b_c/jose4j@0.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.4.1

url pkg:maven/org.bitbucket.b_c/jose4j@0.4.2

purl pkg:maven/org.bitbucket.b_c/jose4j@0.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.4.2

url pkg:maven/org.bitbucket.b_c/jose4j@0.4.4

purl pkg:maven/org.bitbucket.b_c/jose4j@0.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.4.4

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.1

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.1

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.2

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.2

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.3

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.3

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.4

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.4

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.5

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.5

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.6

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.6

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.7

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.7

url pkg:maven/org.bitbucket.b_c/jose4j@0.5.8

purl pkg:maven/org.bitbucket.b_c/jose4j@0.5.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.5.8

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.1

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.1

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.2

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.2

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.3

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.3

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.4

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.4

url pkg:maven/org.bitbucket.b_c/jose4j@0.6.5

purl pkg:maven/org.bitbucket.b_c/jose4j@0.6.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.6.5

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.1

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.1

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.2

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.2

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.3

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.3

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.4

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.4

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.5

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.5

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.6

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.6

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.7

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.7

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.8

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.8

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.9

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.9

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.10

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.10

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.11

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.11

url pkg:maven/org.bitbucket.b_c/jose4j@0.7.12

purl pkg:maven/org.bitbucket.b_c/jose4j@0.7.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.7.12

url pkg:maven/org.bitbucket.b_c/jose4j@0.8.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.8.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.9.0

purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.0

url pkg:maven/org.bitbucket.b_c/jose4j@0.9.1

purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.1

url pkg:maven/org.bitbucket.b_c/jose4j@0.9.2

purl pkg:maven/org.bitbucket.b_c/jose4j@0.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8mj8-rxf8-qyau

vulnerability	VCID-h1az-byzj-z3gq

vulnerability	VCID-nuak-t68p-tuhr

vulnerability	VCID-wfmh-pkck-yfb3

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.bitbucket.b_c/jose4j@0.9.2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31582.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31582.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31582

reference_id

reference_type

scores

value	0.00167
scoring_system	epss
scoring_elements	0.37452
published_at	2026-05-14T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37928
published_at	2026-04-08T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.3794
published_at	2026-04-16T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37956
published_at	2026-04-11T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.3792
published_at	2026-04-18T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37894
published_at	2026-04-13T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37857
published_at	2026-04-21T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37615
published_at	2026-04-24T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37593
published_at	2026-04-26T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37503
published_at	2026-04-29T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.3739
published_at	2026-05-05T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37459
published_at	2026-05-07T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.3748
published_at	2026-05-09T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37398
published_at	2026-05-11T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37371
published_at	2026-05-12T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37974
published_at	2026-04-02T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37999
published_at	2026-04-04T12:55:00Z

value	0.00167
scoring_system	epss
scoring_elements	0.37878
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31582

reference_url

https://bitbucket.org/b_c/jose4j

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/b_c/jose4j

reference_url

https://bitbucket.org/b_c/jose4j/commits/1929fe3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/b_c/jose4j/commits/1929fe3

reference_url

https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:37:16Z/

url

https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T18:37:16Z/

url

https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054872
reference_id	1054872
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1054872

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246370
reference_id	2246370
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246370

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-31582

reference_id

CVE-2023-31582

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-31582

reference_url

https://github.com/advisories/GHSA-7g24-qg88-p43q

reference_id

GHSA-7g24-qg88-p43q

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7g24-qg88-p43q

reference_url	https://access.redhat.com/errata/RHSA-2023:7678
reference_id	RHSA-2023:7678
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7678

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	331
name	Insufficient Entropy
description	The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	327
name	Use of a Broken or Risky Cryptographic Algorithm
description	The product uses a broken or risky cryptographic algorithm or protocol.

Exploits

Severity_range_score 3.1 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nuak-t68p-tuhr

Vulnerability Instance