Vulnerability Details CVE-2024-28122
JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 36.2%
CVSS Severity
CVSS v3 Score 6.8
References
- https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29
- https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21
- https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259
- https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29
- https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21
- https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259
Products affected by CVE-2024-28122
-
cpe:2.3:a:lestrrat-go:jwx:0.9.0
-
cpe:2.3:a:lestrrat-go:jwx:0.9.1
-
cpe:2.3:a:lestrrat-go:jwx:0.9.2
-
cpe:2.3:a:lestrrat-go:jwx:1.0.0
-
cpe:2.3:a:lestrrat-go:jwx:1.0.1
-
cpe:2.3:a:lestrrat-go:jwx:1.0.2
-
cpe:2.3:a:lestrrat-go:jwx:1.0.3
-
cpe:2.3:a:lestrrat-go:jwx:1.0.4
-
cpe:2.3:a:lestrrat-go:jwx:1.0.5
-
cpe:2.3:a:lestrrat-go:jwx:1.0.6
-
cpe:2.3:a:lestrrat-go:jwx:1.0.7
-
cpe:2.3:a:lestrrat-go:jwx:1.0.8
-
cpe:2.3:a:lestrrat-go:jwx:1.1.0
-
cpe:2.3:a:lestrrat-go:jwx:1.1.1
-
cpe:2.3:a:lestrrat-go:jwx:1.1.2
-
cpe:2.3:a:lestrrat-go:jwx:1.1.3
-
cpe:2.3:a:lestrrat-go:jwx:1.1.4
-
cpe:2.3:a:lestrrat-go:jwx:1.1.5
-
cpe:2.3:a:lestrrat-go:jwx:1.1.6
-
cpe:2.3:a:lestrrat-go:jwx:1.1.7
-
cpe:2.3:a:lestrrat-go:jwx:1.1.8
-
cpe:2.3:a:lestrrat-go:jwx:1.2.0
-
cpe:2.3:a:lestrrat-go:jwx:1.2.1
-
cpe:2.3:a:lestrrat-go:jwx:1.2.10
-
cpe:2.3:a:lestrrat-go:jwx:1.2.11
-
cpe:2.3:a:lestrrat-go:jwx:1.2.12
-
cpe:2.3:a:lestrrat-go:jwx:1.2.13
-
cpe:2.3:a:lestrrat-go:jwx:1.2.14
-
cpe:2.3:a:lestrrat-go:jwx:1.2.15
-
cpe:2.3:a:lestrrat-go:jwx:1.2.16
-
cpe:2.3:a:lestrrat-go:jwx:1.2.17
-
cpe:2.3:a:lestrrat-go:jwx:1.2.18
-
cpe:2.3:a:lestrrat-go:jwx:1.2.19
-
cpe:2.3:a:lestrrat-go:jwx:1.2.2
-
cpe:2.3:a:lestrrat-go:jwx:1.2.20
-
cpe:2.3:a:lestrrat-go:jwx:1.2.21
-
cpe:2.3:a:lestrrat-go:jwx:1.2.22
-
cpe:2.3:a:lestrrat-go:jwx:1.2.23
-
cpe:2.3:a:lestrrat-go:jwx:1.2.24
-
cpe:2.3:a:lestrrat-go:jwx:1.2.25
-
cpe:2.3:a:lestrrat-go:jwx:1.2.26
-
cpe:2.3:a:lestrrat-go:jwx:1.2.27
-
cpe:2.3:a:lestrrat-go:jwx:1.2.3
-
cpe:2.3:a:lestrrat-go:jwx:1.2.4
-
cpe:2.3:a:lestrrat-go:jwx:1.2.5
-
cpe:2.3:a:lestrrat-go:jwx:1.2.6
-
cpe:2.3:a:lestrrat-go:jwx:1.2.7
-
cpe:2.3:a:lestrrat-go:jwx:1.2.8
-
cpe:2.3:a:lestrrat-go:jwx:1.2.9
-
cpe:2.3:a:lestrrat-go:jwx:2.0.0
-
cpe:2.3:a:lestrrat-go:jwx:2.0.1
-
cpe:2.3:a:lestrrat-go:jwx:2.0.10
-
cpe:2.3:a:lestrrat-go:jwx:2.0.11
-
cpe:2.3:a:lestrrat-go:jwx:2.0.12
-
cpe:2.3:a:lestrrat-go:jwx:2.0.13
-
cpe:2.3:a:lestrrat-go:jwx:2.0.14
-
cpe:2.3:a:lestrrat-go:jwx:2.0.15
-
cpe:2.3:a:lestrrat-go:jwx:2.0.16
-
cpe:2.3:a:lestrrat-go:jwx:2.0.17
-
cpe:2.3:a:lestrrat-go:jwx:2.0.18
-
cpe:2.3:a:lestrrat-go:jwx:2.0.19
-
cpe:2.3:a:lestrrat-go:jwx:2.0.2
-
cpe:2.3:a:lestrrat-go:jwx:2.0.3
-
cpe:2.3:a:lestrrat-go:jwx:2.0.4
-
cpe:2.3:a:lestrrat-go:jwx:2.0.5
-
cpe:2.3:a:lestrrat-go:jwx:2.0.6
-
cpe:2.3:a:lestrrat-go:jwx:2.0.7
-
cpe:2.3:a:lestrrat-go:jwx:2.0.8
-
cpe:2.3:a:lestrrat-go:jwx:2.0.9