jose is vulnerable to denial of service. The vulnerability exists in the multiple functions in decrypt.ts
due to not limiting the computational expense of default PBES2 algorithm, allowing an attacker to crash the application by providing malicious input.
github.com/panva/jose/commit/03d6d013bf6e070e85adfe5731f526978e3e8e4d
github.com/panva/jose/commit/4e7121a58872f01cc5fc586d4907f857c23d0119
github.com/panva/jose/commit/c1512be6601a8b6e5a8193fbda9ecdf25349a1c2
github.com/panva/jose/commit/d530c30af5d5156552accfcdf0b059696e17c44c
github.com/panva/jose/releases/tag/v1.28.2
github.com/panva/jose/releases/tag/v2.0.6
github.com/panva/jose/releases/tag/v3.20.4
github.com/panva/jose/releases/tag/v4.9.2
github.com/panva/jose/security/advisories/GHSA-jv3g-j58f-9mq9