Jose-php Project Jose-php — known CVE vulnerabilities
Every CVE whose affected-product data names Jose-php Project Jose-php, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2016-5430 — CVSS 5.3 (medium): The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection…
CVE-2016-5429 — CVSS 3.7 (low): jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain…