CVE-2017-16007

Name of the Vulnerable Software and Affected Versions: node-jose versions prior to 0.9.3

Description: The issue allows an attacker to recover the private secret key when JWE with Key Agreement with Elliptic Curve Diffie-Hellman Ephemeral Static (ECDH-ES) is used, due to an invalid curve attack.

Recommendations: Update to version 0.9.3 or later.