Comparing version 1.28.1 to 1.28.2
@@ -43,3 +43,3 @@ const { inflateRawSync } = require('zlib') | ||
*/ | ||
const jweDecrypt = (skipValidateHeaders, serialization, jwe, key, { crit = [], complete = false, algorithms } = {}) => { | ||
const jweDecrypt = (skipValidateHeaders, serialization, jwe, key, { crit = [], complete = false, algorithms, maxPBES2Count = 10000 } = {}) => { | ||
key = getKey(key, true) | ||
@@ -128,2 +128,8 @@ | ||
if (alg.startsWith('PBES2')) { | ||
if (opts && opts.p2c > maxPBES2Count) { | ||
throw new errors.JWEInvalid('JOSE Header "p2c" (PBES2 Count) out is of acceptable bounds') | ||
} | ||
} | ||
try { | ||
@@ -130,0 +136,0 @@ if (alg === 'dir') { |
{ | ||
"name": "jose", | ||
"version": "1.28.1", | ||
"version": "1.28.2", | ||
"description": "JSON Web Almost Everything - JWA, JWS, JWE, JWK, JWT, JWKS for Node.js with minimal dependencies", | ||
@@ -5,0 +5,0 @@ "keywords": [ |
@@ -409,2 +409,3 @@ /// <reference types="node" /> | ||
algorithms?: string[]; | ||
maxPBES2Count?: number; | ||
} | ||
@@ -411,0 +412,0 @@ |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
4864
210015
91