Gaurav Jetly created KAFKA-14994:
------------------------------------

             Summary: jose4j is vulnerable to CVE- Improper Cryptographic Algorithm
                 Key: KAFKA-14994
                 URL: https://issues.apache.org/jira/browse/KAFKA-14994
             Project: Kafka
          Issue Type: Bug
    Affects Versions: 3.4.0
            Reporter: Gaurav Jetly
Jose4j has the following vulnerability with a high score of 7.1.

jose4j is vulnerable to Improper Cryptographic Algorithm. The vulnerability exists due to the way `RSA1_5` and `RSA_OAEP` are implemented, allowing an attacker to decrypt `RSA1_5` or `RSA_OAEP` encrypted ciphertexts, and in addition, it may be feasible to sign with affected keys.

Please help upgrade the library to the latest version.

Current version in use: 0.7.9
Latest version with the fix: 0.9.3

CVE-
- Improper Cryptographic Algorithm
- Severity: HIGH
- CVSS: 7.1
- Disclosure Date: 07 Feb 2023 19:00PM EST
- Vulnerability Info: https://sca.analysiscenter.veracode.com/vulnerability-database/vulnerabilities/40398

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
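A practitioner verifying the upgrade requested in this ticket would want a check on what version of jose4j is actually on the classpath, not just what a build file declares. The script below is an added example, not code from the Kafka project or the reporter. It parses lines in the format of `gradle dependencies` output (the sample trees are constructed for this example, not captured from Kafka) and flags any resolved jose4j version older than 0.9.3, the fixed version named in the ticket. The Maven coordinates `org.bitbucket.b_c:jose4j` are an assumption about where jose4j is published; adjust them if the build uses a different artifact. The edge case it handles is Gradle's `requested -> resolved` notation: a transitive node that still names an old version is not vulnerable if conflict resolution replaced it with a fixed one.

```python
"""Check resolved jose4j versions in Gradle dependency-tree output against the fixed version.

Added example for the KAFKA-14994 report; not part of Kafka or jose4j.
"""
import re
from typing import List, Tuple

# Assumed Maven coordinates of jose4j and the fixed version named in the ticket.
JOSE4J_COORDS = "org.bitbucket.b_c:jose4j"
FIXED_VERSION = "0.9.3"

# Constructed sample of `gradle dependencies` output BEFORE the upgrade (not real Kafka output).
# "0.7.5 -> 0.7.9" is Gradle's way of saying 0.7.5 was requested but 0.7.9 is what resolved.
SAMPLE_TREE_BEFORE = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- org.apache.kafka:kafka-clients:3.4.0
+--- org.bitbucket.b_c:jose4j:0.7.9
+--- org.slf4j:slf4j-api:1.7.36
\\--- some.other:lib:1.0
     \\--- org.bitbucket.b_c:jose4j:0.7.5 -> 0.7.9
"""

# Constructed sample AFTER pinning jose4j to 0.9.3: the transitive node still names 0.7.5,
# but only the right-hand side of the arrow is on the classpath, so nothing should be flagged.
SAMPLE_TREE_AFTER = """\
runtimeClasspath - Runtime classpath of source set 'main'.
+--- org.apache.kafka:kafka-clients:3.4.0
+--- org.bitbucket.b_c:jose4j:0.9.3
\\--- some.other:lib:1.0
     \\--- org.bitbucket.b_c:jose4j:0.7.5 -> 0.9.3
"""

# group:artifact, requested version, optional resolved version after "->".
_DEP_RE = re.compile(r"([\w.\-]+:[\w.\-]+):([\w.\-]+)(?:\s*->\s*([\w.\-]+))?")


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '0.9.3' into (0, 9, 3) so comparison is numeric; a string compare would rank '0.10' below '0.9'."""
    parts = []
    for piece in version.split("."):
        digits = re.match(r"\d+", piece)
        parts.append(int(digits.group()) if digits else 0)
    return tuple(parts)


def find_jose4j(tree_text: str) -> List[Tuple[str, str]]:
    """Return (requested, resolved) pairs for every jose4j node in the dependency tree."""
    hits = []
    for line in tree_text.splitlines():
        match = _DEP_RE.search(line)
        if match and match.group(1) == JOSE4J_COORDS:
            requested = match.group(2)
            resolved = match.group(3) or requested  # no arrow: requested is what resolved
            hits.append((requested, resolved))
    return hits


def vulnerable_versions(tree_text: str, fixed: str = FIXED_VERSION) -> List[str]:
    """Distinct resolved jose4j versions older than the fix; these are the ones actually loaded."""
    fixed_v = parse_version(fixed)
    return sorted({resolved for _, resolved in find_jose4j(tree_text)
                   if parse_version(resolved) < fixed_v})


if __name__ == "__main__":
    for label, tree in (("before upgrade", SAMPLE_TREE_BEFORE), ("after upgrade", SAMPLE_TREE_AFTER)):
        bad = vulnerable_versions(tree)
        status = "VULNERABLE: " + ", ".join(bad) if bad else "ok (>= %s)" % FIXED_VERSION
        print("%s: %s" % (label, status))
```

Run it against real output with `./gradlew dependencies --configuration runtimeClasspath` piped into `find_jose4j`; the configuration name to inspect is a per-project choice, since test-only or compile-only classpaths may resolve a different version than what ships.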