github.com/square/go-jose is vulnerable to invalid curve attacks. These attacks are possible when using key agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES), allowing attackers to recover the private secret key.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/square/go-jose | eq | HEAD | |
github.com/square/go-jose | le | 2.0.1 |