Severity: high

Invalid Curve Attack



Affected versions of node-jose are vulnerable to an invalid curve attack. This allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used.

Proof of Concept


Update to version 0.9.3 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Mar 13th, 2017
  2. reported

    Mar 13th, 2017