When using ECDH-ES an attacker can mount an invalid curve attack during decryption as the supplied public key is not checked to be on the same curve as the receivers private key.
{ "imports": [ { "path": "github.com/square/go-jose/cipher", "symbols": [ "DeriveECDHES" ] }, { "path": "github.com/square/go-jose", "symbols": [ "JsonWebEncryption.Decrypt", "JsonWebKey.UnmarshalJSON", "ecDecrypterSigner.decryptKey", "rawJsonWebKey.ecPublicKey" ] } ] }