CVE-2023-50966

Published: Mar 19, 2024
Updated: May 4, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-50966" target="_blank" rel="noopener"> CVE-2023-50966
GHSA: <a href="https://github.com/advisories/GHSA-9mg4-v392-8j68" target="_blank" rel="noopener"> GHSA-9mg4-v392-8j68
Severity: Medium
Exploit:

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.