Open RaphaelManke opened 3 months ago
I think this should be prioritized:
jose 3.0.0 - 4.15.4
Severity: moderate
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext - https://github.com/advisories/GHSA-hhhv-q57g-882q
Checklist
Description
The currently referenced version of jose should be upgraded to at least 4.15.5 due to a vulnerability. In our (private) repo dependabot alerts on that.
Reproduction
https://github.com/advisories/GHSA-hhhv-q57g-882q
Additional context
No response
nextjs-auth0 version
3.5.0
Next.js version
-
Node.js version
20
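
A lockfile check for the range quoted in the issue, as an added example that is not part of the original post or of the nextjs-auth0 project: it walks the `packages` map of a `package-lock.json` (lockfileVersion 2 or 3) and reports every installed copy of jose, top-level or nested, between 3.0.0 and 4.15.4. The function names and the sample lockfile are constructed for illustration; the range bounds are the ones in the audit output above.

```javascript
// Range bounds copied from the audit output in the issue (3.0.0 - 4.15.4).
const RANGE_LOW = [3, 0, 0];
const RANGE_HIGH = [4, 15, 4];

// Parse "major.minor.patch", ignoring any prerelease/build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  return m ? m.slice(1).map(Number) : null;
}

// Compare two [major, minor, patch] triples: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

function inAffectedRange(version) {
  const v = parseVersion(version);
  return v !== null &&
    compareVersions(v, RANGE_LOW) >= 0 &&
    compareVersions(v, RANGE_HIGH) <= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json and
// return every jose copy (hoisted or nested under another dependency)
// whose installed version falls inside the range.
function findAffectedJose(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/jose")) continue;
    if (meta.version && inAffectedRange(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "node_modules/@auth0/nextjs-auth0": { version: "3.5.0" },
    "node_modules/@auth0/nextjs-auth0/node_modules/jose": { version: "4.15.4" },
    "node_modules/jose": { version: "4.15.5" },
    "node_modules/some-lib/node_modules/jose": { version: "5.2.0" },
  },
};
console.log(findAffectedJose(sampleLock));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffectedJose` in place of the sample object.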