org.bitbucket.b_c:jose4j (Maven) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the Maven package org.bitbucket.b_c:jose4j, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2024-29371 — CVSS 7.5 (high): In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token…
CVE-2023-51775 — CVSS 6.5 (medium): The jose4j component before 0.9.4 for Java allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2…