b_c / jose4j / issues / #213 - Security and trust from Google play for contentEncryptionKeyAlgorithm — Bitbucket

Issue #213 closed

Amit Nadir created an issue 2023-12-11

Google Play Console has identified a security and trust issue in this class: org.jose4j.jwe.ContentEncryptionKeyDescriptor

pointing to the String variable contentEncryptionKeyAlgorithm in jose4j version 0.7.9. It looks strange since this variable is not assigned with any static keys.

google_play_contentEncryptionKeyAlgorithm.png

Comments (5)

Amit Nadir reporter
- changed title to Security and trust from Google play for contentEncryptionKeyAlgorithm
- 2023-12-11T18:57:26+00:00
Brian Campbell repo owner
- changed status to open
- 2023-12-11T19:27:05+00:00
Amit Nadir reporter
- edited description
- 2023-12-13T09:26:48+00:00
Amit Nadir reporter
It seems that updating jose4j from version 0.7.9 to 0.9.3 fixed this issue.
This issue can be closed, thanks.
- 2023-12-13T14:32:10+00:00
Brian Campbell repo owner
- changed status to closed
- 2023-12-13T17:12:45+00:00
Log in to comment

Assignee: –

Type: bug

Priority: major

Status: closed

Votes: 0

Watchers: 3

Jira: the preferred issue tracker for Bitbucket. Join the team!