Lucene search
GitHub_MCVELIST:CVE-2024-28122HistoryMar 09, 2024 - 12:45 a.m.
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-0900:45:50
CWE-400
GitHub_M
raw.githubusercontent.com
4
cve-2024-28122
denial-of-service
jwx
json web encryption
patched versions
JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.
Related
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2024-03-11 06:02:37
prion
prion
Design/Logic Flaw
2024-03-09 01:15:00
redhatcve
redhatcve
CVE-2024-28122
2024-03-10 09:37:46
cgr
cgr
CVE-2024-28122 vulnerabilities
2024-05-19 03:07:16
osv
osv
cve
cve
CVE-2024-28122
2024-03-09 01:15:06
wolfi
wolfi
CVE-2024-28122 vulnerabilities
2024-05-29 03:07:31
github
github
JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-08 15:06:53