JSON Web Encryption

JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64. It is defined by. Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token). JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.

Vulnerabilities
In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack.

One implementation of an early (pre-finalised) version of JWE also suffered from Bleichenbacher’s attack.