Product:

Reason\-Jose

(Reason\-Jose_project)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 1
Date Id Summary Products Score Patch Annotated
2023-02-01 CVE-2023-23928 reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. This allows tampering of JWS header and payload data if the service does not perform additional checks. Such tampering could expose applications using reason-jose to authorization bypass. Applications relying on JWS claims assertion to enforce security boundaries may be vulnerable to privilege escalation. This issue has been patched in version 0.8.2. Reason\-Jose 9.8