erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| jose(Hex) | 0 | 1.11.7 | N/A |
CVSS Metrics
