CVE-2022-36083: 
JavaScript vulnerability analysis and mitigation

CVE-2022-36083 affects JOSE (JSON Web Almost Everything), a library providing cryptographic operations for JWA, JWS, JWE, JWT, JWK, and JWKS in Node.js, Browser, Cloudflare Workers, Electron, and Deno environments. The vulnerability was discovered and disclosed on September 7, 2022. The issue specifically relates to the PBKDF2-based JWE key management algorithms and their handling of the p2c (PBES2 Count) JOSE Header Parameter (NVD).

The vulnerability centers on the PBKDF2-based JWE key management algorithms which use a JOSE Header Parameter named p2c (PBES2 Count) to determine the number of PBKDF2 iterations for deriving a CEK wrapping key. While this parameter is intended to slow down key derivation to prevent brute-force attacks, it can be exploited when JWE is received from untrusted sources. The vulnerability has a CVSS v3.1 score of 5.3 (Medium) (GHSA).

When exploited, this vulnerability can cause the user's environment to consume an unreasonable amount of CPU time. The impact is specifically limited to users utilizing JWE decryption APIs with symmetric secrets to decrypt JWEs from untrusted parties who do not limit the accepted JWE Key Management Algorithms using the keyManagementAlgorithms decryption option (GHSA).

The vulnerability has been patched in versions v1.28.2, v2.0.6, v3.20.4, and v4.9.2, which limit the maximum PBKDF2 iteration count to 10,000 by default. Users can adjust this limit using the newly introduced maxPBES2Count decryption option. For those unable to upgrade, alternative mitigations include using the keyManagementAlgorithms decryption option to disable accepting PBKDF2 altogether or inspecting the JOSE Header prior to using the decryption API to limit the PBKDF2 iteration count (GHSA).