Reason Jose
1 CVEs
product
Monthly
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Privilege Escalation
Jwt Attack
Reason Jose
NVD
GitHub
CVSS 3.1
9.8
EPSS
0.5%
EPSS 0%
CVSS 9.8
CRITICAL
PATCH
Act Now
reason-jose is a JOSE implementation in ReasonML and OCaml.`Jose.Jws.validate` does not check HS256 signatures. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Privilege Escalation
Jwt Attack
Reason Jose
NVD
GitHub