What is CVE-2018-0114?

CVE-2018-0114 is a vulnerability in Node-jose Library, classified under Improper Verification of Cryptographic Signature. Published 2018-01-04.

Is CVE-2018-0114 known to be exploited?

44 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Node-jose Library

CVE-2018-0114

A vulnerability in the Cisco node-jose open source library before 0.11.0 could allow an unauthenticated, remote attacker to re-sign tokens using a key that is embedded within the token. The vulnerability is due to node-jose following the J…

EPSS: 0.847 (99.4th percentile) — read the EPSS interpretation.

Affected products

N/a Node-jose Library — versions Node-jose Library

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

Public proof-of-concept exploits

References

tools.cisco.com/security/center/viewAlert.x (x_refsource_CONFIRM)
github.com/zi0Black/POC-CVE-2018-0114 (x_refsource_MISC)
github.com/cisco/node-jose/blob/master/CHANGELOG.md (x_refsource_CONFIRM)
44324 (exploit, x_refsource_EXPLOIT-DB)
102445 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2018-0114?: CVE-2018-0114 is a vulnerability in Node-jose Library, classified under Improper Verification of Cryptographic Signature. Published 2018-01-04.
Is CVE-2018-0114 known to be exploited?: 44 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.