Panva jose Weak Encryption Vulnerability in v6.0.10

Vulnerability

A vulnerability exists in the Panva jose library version 6.0.10, where the encryption methods employed are considered weak. Specifically, the HMAC and RSA key lengths used in the library's JSON Web Signature (JWS) implementation do not adhere to recommended security standards, potentially leading to vulnerabilities and attacks.

Impact

The weak encryption can result in inadequate protection of data, allowing for possible decryption or manipulation of information that should be secure.

Added: Aug 1, 2025, 3:18 PM

Updated: Aug 1, 2025, 4:33 PM

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

1.3

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.6

impact

1.3

exploitability

4.7

remediation

0.0

relevance

0.3

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Panva jose Weak Encryption Vulnerability in v6.0.10

Vulnerability

Impact

Affected Products

panva jose

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating