Vulnerability Database

299,758

Total vulnerabilities in the database

CVE-2023-50966

erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.

Published: Mar 19, 2024
Updated: May 4, 2025
CVE: CVE-2023-50966
GHSA: GHSA-9mg4-v392-8j68
Severity: Medium
Exploit:

CVSS v3:

Severity: Unknown
Score:
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWEs:

CWE-400

Affected Software
References

Software	From	Fixed in
jose	-	1.11.7

https://github.com/P3ngu1nW/CVE_Request/blob/main/erlang-jose.md
https://github.com/potatosalad/erlang-jose
https://github.com/potatosalad/erlang-jose/commit/718d213f07b08056737923f8063d5df56dcb66ae
https://hexdocs.pm/jose/JOSE.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo