Name of the Vulnerable Software and Affected Versions jose4j (affected versions not specified)

Description The issue in jose4j allows for chosen ciphertext attacks, enabling the decryption of RSA1 5 or RSA OAEP encrypted ciphertexts. This could potentially allow an attacker to sign with affected keys. The problem arises from distinguishable behavior in the decryption process when encountering invalid or incorrectly sized encrypted keys. A correct implementation should not exhibit such behavior, and ciphertexts with mismatched algorithms in the header and key should be rejected.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.