8 matches found
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx [CVE-2024-28122]
Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx, caused by a flaw when using a compressed JWE message (CVE-2024-28122). JWx is included as part of the utilities used by our Speech Services. This vulnerability has been addressed...
CVE-2024-28122
An uncontrolled resource consumption vulnerability was found in jwx. This flaw allows an attacker with a trusted public key to cause a denial of service condition by crafting a malicious JWE token with an exceptionally high compression ratio...
CVE-2024-28122
creationtimestamp| type| source
---|---|---
2024-03-09 02:26:39+00:00| seen| https://t.me/ctinow/203722
2024-03-09 02:31:48+00:00| seen| https://t.me/ctinow/203726
2024-03-10 10:46:12+00:00| seen| https://t.me/ctinow/204203
2025-04-16 15:56:05+00:00| published-proof-of-concept|...
CVE-2024-28122 vulnerabilities
Vulnerabilities for packages: falco, falcoctl, mc-fips, spire-server, boring-registry-fips, minio, mc, boring-registry, minio-fips, spire-server-fips, external-secrets-fips, falcoctl-fips...
CVE-2024-28122 vulnerabilities
Vulnerabilities for packages: spire-server, mc, minio, falcoctl, boring-registry, falco...
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high...
CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message
JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high...
CVE-2024-28122
CVE-2024-28122 (JWx) is a DoS vulnerability in the Go JOSE library (jwx) where an attacker with a trusted public key can craft a JWE with an exceptionally high compression ratio to exhaust resources. The issue affects the JWx modules and has been patched in versions 1.2.29 and 2.0.21. Public deta...