node-jose is vulnerable to Denial Of Service (DoS). The vulnerability exists due to an infinite loop in the internal calculation for some ECC operations when using the library’s non-default “fallback” crypto back-end, when either WebCrypto or the crypto
module is unavailable, which allows an attacker to cause an application crash by providing malicious input.