Basic Information

CVSS Score
-
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
The vulnerability stems from missing validation of the iteration count used in PBES2 key derivation: because the count was never bounded, the key-derivation path accepted weak parameters, so a key-wrapping key could be derived with far too little PBKDF2 work. The fix, first shipped in 0.9.3, adds that validation in deriveForEncrypt(), the Java method that the advisory discussion identifies as the affected code path.
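To make the missing check concrete, the following is an added illustration written for this page, not jose4j's own code. It implements PBES2 key derivation as RFC 7518 section 4.8.1 specifies (PBKDF2-HMAC over the salt UTF8(alg) || 0x00 || p2s), once without any bound on the iteration count (the pre-fix behaviour) and once with the bound the patch adds. The bounds themselves are assumptions for the example: the floor of 1000 follows the RFC 7518 recommendation, and the ceiling of 2,500,000 is an illustrative value that also limits the work a recipient does on a header it did not produce. The header, salt and wordlist are constructed inline. Function names such as derive_kek_checked are this example's own, not the library's.

```python
import base64
import hashlib
import json

# Bounds used by this example. The floor follows RFC 7518 section 4.8.1.2
# (a minimum of 1000 iterations is recommended); the ceiling is an assumed
# value that caps the work a recipient will do on an attacker-chosen p2c.
MIN_P2C = 1000
MAX_P2C = 2_500_000

# PBES2 algorithm -> (PBKDF2 PRF hash, key-wrapping key length in bytes), RFC 7518 4.8
PBES2_ALGS = {
    "PBES2-HS256+A128KW": ("sha256", 16),
    "PBES2-HS384+A192KW": ("sha384", 24),
    "PBES2-HS512+A256KW": ("sha512", 32),
}


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()


def validate_iteration_count(p2c) -> int:
    """The check the unpatched path lacked: bound p2c before PBKDF2 runs."""
    if isinstance(p2c, bool) or not isinstance(p2c, int):
        raise ValueError("p2c must be an integer")
    if p2c < MIN_P2C:
        raise ValueError(f"p2c {p2c} is below the minimum of {MIN_P2C}")
    if p2c > MAX_P2C:
        raise ValueError(f"p2c {p2c} is above the maximum of {MAX_P2C}")
    return p2c


def derive_kek_unchecked(alg: str, password: bytes, p2s: bytes, p2c: int) -> bytes:
    """PBES2 derivation per RFC 7518 4.8.1 with no bound on p2c: whatever
    iteration count the caller or header supplies is used as-is (pre-fix behaviour)."""
    hash_name, dklen = PBES2_ALGS[alg]
    salt = alg.encode("ascii") + b"\x00" + p2s  # salt = UTF8(alg) || 0x00 || p2s
    return hashlib.pbkdf2_hmac(hash_name, password, salt, p2c, dklen)


def derive_kek_checked(alg: str, password: bytes, p2s: bytes, p2c) -> bytes:
    """Patched behaviour: reject out-of-range iteration counts before deriving."""
    return derive_kek_unchecked(alg, password, p2s, validate_iteration_count(p2c))


def parse_pbes2_header(protected_b64: str) -> dict:
    """Extract alg, p2s and p2c from a JWE protected header; p2c is peer-controlled."""
    header = json.loads(b64url_decode(protected_b64))
    return {"alg": header["alg"], "p2s": b64url_decode(header["p2s"]), "p2c": header["p2c"]}


def guess_password(alg: str, p2s: bytes, p2c: int, target_kek: bytes, wordlist):
    """Offline brute force of the password behind a derived key.
    Returns (password or None, total PBKDF2 iterations spent) so the cost
    of a weak p2c is visible: work = p2c * attempts."""
    iterations = 0
    for candidate in wordlist:
        iterations += p2c
        if derive_kek_unchecked(alg, candidate, p2s, p2c) == target_kek:
            return candidate, iterations
    return None, iterations


# Constructed JWE protected header in which the sender chose p2c = 1.
WEAK_HEADER = b64url_encode(json.dumps({
    "alg": "PBES2-HS256+A128KW",
    "enc": "A128GCM",
    "p2s": b64url_encode(b"\x8f\x14\x7a\xc2\x01\x55\x9e\xe3"),
    "p2c": 1,
}).encode())

if __name__ == "__main__":
    h = parse_pbes2_header(WEAK_HEADER)
    kek = derive_kek_unchecked(h["alg"], b"correct horse", h["p2s"], h["p2c"])
    print("unchecked derivation accepted p2c =", h["p2c"])
    found, work = guess_password(h["alg"], h["p2s"], h["p2c"], kek,
                                 [b"letmein", b"password1", b"correct horse"])
    print(f"brute force recovered {found!r} after only {work} PBKDF2 iterations")
    try:
        derive_kek_checked(h["alg"], b"correct horse", h["p2s"], h["p2c"])
    except ValueError as err:
        print("checked derivation rejected the header:", err)
```

With p2c = 1 the three-word wordlist costs three PBKDF2 iterations in total; with the floor enforced the same search costs at least 3000, and the checked path refuses the header outright rather than deriving a cheap key. The isinstance check also rejects booleans and strings, since JSON parsers happily hand those through as an iteration count.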
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| org.bitbucket.b_c:jose4j | maven | < 0.9.3 | 0.9.3 |