jwcrypto@0.8 vulnerabilities

Implementation of JOSE Web standards

Direct Vulnerabilities

Known vulnerabilities in the jwcrypto package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability / Vulnerable version

• [Medium] Denial of Service (DoS)

  Affected versions of this package are vulnerable to Denial of Service (DoS) via the deserialize function. An attacker can cause a denial of service by passing in a malicious JWE token whose compressed payload has a very high compression ratio; when the server processes the token, decompressing it consumes excessive memory and processing time.

  How to fix Denial of Service (DoS)?

  Upgrade jwcrypto to version 1.5.6 or higher.

  Vulnerable versions: [0.5.0,1.5.6)

• [Medium] Allocation of Resources Without Limits or Throttling

  Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling because the PBES2 Count value passed to the PBKDF2 algorithm is not bounded. An attacker can cause a denial of service by supplying a very large PBES2 Count value, forcing excessive computation during key derivation. This is only exploitable if the application allows the PBKDF2-based (PBES2) algorithms to be used.

  How to fix Allocation of Resources Without Limits or Throttling?

  Upgrade jwcrypto to version 1.5.1 or higher.

  Vulnerable versions: [,1.5.1)

• [High] Authentication Bypass

  Affected versions of this package are vulnerable to Authentication Bypass because the library auto-detects the type of the token it is handed, so an application that expects one token type may process another. This can lead the application to incorrect conclusions about the trustworthiness of the token.

  How to fix Authentication Bypass?

  Upgrade jwcrypto to version 1.4 or higher.

  Vulnerable versions: [,1.4)
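The fix for all three issues is the upgrade given above. As defence in depth, a service can also screen the raw compact token before handing it to any JOSE library: pin the expected token type instead of letting the library guess, refuse compressed payloads unless the caller opts in, and cap the PBES2 iteration count. The following stand-alone Python pre-check is an added example, not jwcrypto's own code; it uses only the standard library, and the limits, the helper names (precheck, make_token, is_accepted) and the sample tokens are constructed for illustration.

```python
"""
Defensive pre-validation of a compact JOSE token before it reaches a JOSE
library. Added example, not jwcrypto's code; limits and sample tokens are
constructed assumptions for illustration.
"""
import base64
import json

# Constructed limits (assumptions): cap PBES2 iterations and overall token size.
MAX_P2C = 100_000
MAX_TOKEN_BYTES = 64 * 1024


def b64url_decode(segment: str) -> str:
    """Decode an unpadded base64url segment, as JOSE serialisation uses."""
    pad = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + pad).decode("utf-8")


def b64url_encode(raw: bytes) -> str:
    """Encode bytes as unpadded base64url."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def token_type(token: str) -> str:
    """Classify a compact token by segment count: 3 -> JWS, 5 -> JWE."""
    n = token.count(".") + 1
    if n == 3:
        return "JWS"
    if n == 5:
        return "JWE"
    raise ValueError(f"unexpected segment count {n}")


def protected_header(token: str) -> dict:
    """Parse the protected header, which is the first compact segment."""
    hdr = json.loads(b64url_decode(token.split(".", 1)[0]))
    if not isinstance(hdr, dict):
        raise ValueError("protected header is not a JSON object")
    return hdr


def precheck(token: str, expected_type: str, allow_zip: bool = False,
             max_p2c: int = MAX_P2C) -> dict:
    """
    Reject a token that is oversized, that is not of the type the caller
    expects, that asks for decompression the caller did not opt into, or
    that carries an out-of-range PBES2 iteration count ("p2c").
    Returns the parsed protected header when all checks pass.
    """
    if len(token) > MAX_TOKEN_BYTES:
        raise ValueError("token too large")
    kind = token_type(token)
    if kind != expected_type:
        raise ValueError(f"expected {expected_type}, got {kind}")
    hdr = protected_header(token)
    if "zip" in hdr and not allow_zip:
        raise ValueError("compressed payloads are not allowed here")
    if str(hdr.get("alg", "")).startswith("PBES2"):
        p2c = hdr.get("p2c")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(p2c, bool) or not isinstance(p2c, int) or not 0 < p2c <= max_p2c:
            raise ValueError(f"unacceptable p2c value: {p2c!r}")
    return hdr


def is_accepted(token: str, expected_type: str, allow_zip: bool = False) -> bool:
    """Boolean wrapper around precheck for callers that only need a verdict."""
    try:
        precheck(token, expected_type, allow_zip)
        return True
    except ValueError:
        return False


def make_token(header: dict, n_segments: int) -> str:
    """Build a constructed token shell (header plus filler segments); the
    ciphertext is not real, which is all this header-level check needs."""
    filler = [b64url_encode(b"x")] * (n_segments - 1)
    return ".".join([b64url_encode(json.dumps(header).encode())] + filler)


if __name__ == "__main__":
    # Constructed samples: a JWE with a huge p2c, a JWE requesting
    # compression, and a JWS offered where a JWE was expected.
    huge_p2c = make_token({"alg": "PBES2-HS256+A128KW", "enc": "A128GCM",
                           "p2c": 10_000_000, "p2s": "AAAA"}, 5)
    zipped = make_token({"alg": "A128KW", "enc": "A128GCM", "zip": "DEF"}, 5)
    jws_not_jwe = make_token({"alg": "HS256"}, 3)
    for name, tok in [("huge_p2c", huge_p2c), ("zipped", zipped),
                      ("jws_not_jwe", jws_not_jwe)]:
        print(name, "accepted" if is_accepted(tok, "JWE") else "rejected")
```

The check runs on the protected header only, so it costs a base64 decode and a JSON parse regardless of what the payload contains; the expensive work (key derivation, decompression, decryption) is never reached for a token that fails it. Pass allow_zip=True only where the application genuinely exchanges compressed tokens, and keep the p2c ceiling at whatever iteration count your own issuer actually uses.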