Critical vulnerability in JSON Web Encryption (JWE) - RFC 7516 Invalid Curve attack

We found an issue in the JWE specification where it fails to warn the implementers about Invalid Curve attack. We found several libraries to be vulnerable : node-jose, jose2go, Nimbus JOSE+JWT and jose4j and in the process of filing an errata for the RFC. We report the vulnerabilities to the maintainers that promptly fixed the issue. We also wrote a blog post about it in order to reach the highest number of people potentially vulnerable. You can find the write up in [0,1,2]. [0] http://blog.intothesymmetry.com/2017/03/critical-vulnerability-in-json-web.html [1] http://blogs.adobe.com/security/2017/03/critical-vulnerability-uncovered-in-json-encryption.html [2] https://auth0.com/blog/critical-vulnerability-in-json-web-encryption/