Name of the Vulnerable Software and Affected Versions: jwe versions 1.1.0 and below Description: The authentication tag of encrypted JWEs can be brute forced, potentially leading to a loss of confidentiality and the ability to craft arbitrary JWEs. This allows modification of JWEs to decrypt to an arbitrary value and decryption by observing parsing differences. The GCM internal GHASH key can be recovered. Users are affected even if they do not use an AES-GCM encryption algorithm. Recommendations: Upgrade to version 1.1.1. Rotate the encryption keys after upgrading to version…Read More