JSON Web Encryption (JWE) is an IETF standard providing a standardised syntax for the exchange of encrypted data, based on JSON and Base64.
Along with JSON Web Signature (JWS), it is one of the two possible formats of a JWT (JSON Web Token).
JWE forms part of the JavaScript Object Signing and Encryption (JOSE) suite of protocols.
[2] In March 2017, a serious flaw was discovered in many popular implementations of JWE, the invalid curve attack.
[3] One implementation of an early (pre-finalised) version of JWE also suffered from Bleichenbacher’s attack.