
8 matches found

IBM Security Bulletins
added 2024/04/25 6:27 p.m. | 20 views

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx [CVE-2024-28122]

Summary: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a denial of service in JWx, caused by a flaw when using a compressed JWE message (CVE-2024-28122). JWx is included as part of the utilities used by our Speech Services. This vulnerability has been addressed...

CVSS 6.8 | AI score 6.5 | EPSS 0.0057
Exploits: 1 | Affected Software: 1
RedhatCVE
added 2024/03/10 9:37 a.m. | 29 views

CVE-2024-28122

An uncontrolled resource consumption vulnerability was found in jwx. This flaw allows an attacker with a trusted public key to cause a denial of service condition by crafting a malicious JWE token with an exceptionally high compression ratio...

CVSS 6.8 | AI score 6.3 | EPSS 0.0057
Exploits: 1 | References: 4
Circl
added 2024/03/09 2:26 a.m. | 6 views

CVE-2024-28122

creationtimestamp | type | source
---|---|---
2024-03-09 02:26:39+00:00 | seen | https://t.me/ctinow/203722
2024-03-09 02:31:48+00:00 | seen | https://t.me/ctinow/203726
2024-03-10 10:46:12+00:00 | seen | https://t.me/ctinow/204203
2025-04-16 15:56:05+00:00 | published-proof-of-concept | ...

CVSS 6.8 | AI score 6.2 | EPSS 0.0057
Exploits: 1 | References: 4
Chainguard
added 2024/03/09 1:15 a.m. | 89 views

CVE-2024-28122 vulnerabilities

Vulnerabilities for packages: falco, falcoctl, mc-fips, spire-server, boring-registry-fips, minio, mc, boring-registry, minio-fips, spire-server-fips, external-secrets-fips, falcoctl-fips...

CVSS 6.8 | AI score 6.7 | EPSS 0.0057
Exploits: 1
Wolfi
added 2024/03/09 1:15 a.m. | 47 views

CVE-2024-28122 vulnerabilities

Vulnerabilities for packages: spire-server, mc, minio, falcoctl, boring-registry, falco...

CVSS 6.8 | AI score 6.7 | EPSS 0.0057
Exploits: 1
OSV
added 2024/03/09 12:45 a.m. | 5 views

CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message

JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high...

CVSS 6.8 | AI score 6.4 | EPSS 0.0057
Exploits: 1 | References: 5
Cvelist
added 2024/03/09 12:45 a.m. | 29 views

CVE-2024-28122 JWX vulnerable to a denial of service attack using compressed JWE message

JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high...

CVSS 6.8 | AI score 6.6 | EPSS 0.0057
Exploits: 1 | References: 3
CVE
added 2024/03/09 12:45 a.m. | 395 views

CVE-2024-28122

CVE-2024-28122 (JWx) is a DoS vulnerability in the Go JOSE library (jwx) where an attacker with a trusted public key can craft a JWE with an exceptionally high compression ratio to exhaust resources. The issue affects the JWx modules and has been patched in versions 1.2.29 and 2.0.21. Public deta...

CVSS 6.8 | AI score 6.3 | EPSS 0.0057
Exploits: 1 | References: 3 | Affected Software: 1