tekul
commented
7 years ago Since the library doesn't support elliptic-curve JWEs, I don't think it's vulnerable to this attack.
Closed alexanderkjeldaas closed 6 years ago
tekul
commented
7 years ago Since the library doesn't support elliptic-curve JWEs, I don't think it's vulnerable to this attack.
Is this library protected against the invalid curve attack?
http://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html
The attacks the library is secure against should be prominently displayed in the README.md as there has been a few in the last years.