0.0004 Low
EPSS
Percentile
15.1%
An uncontrolled resource consumption vulnerability was found in jwx. This flaw allows an attacker with a trusted public key to cause a denial of service condition by crafting a malicious JWE token with an exceptionally high compression ratio.
bugzilla.redhat.com/show_bug.cgi?id=2268761
github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259
nvd.nist.gov/vuln/detail/CVE-2024-28122
www.cve.org/CVERecord?id=CVE-2024-28122