CVE-2024-29371

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2024-29371

Severity

7.5

High

CVSS V3

Description

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

References

https://images.chainguard.dev/security/CGA-r729-5q9w-h579
https://github.com/advisories/GHSA-3677-xxcr-wjqv
https://images.chainguard.dev/security/CGA-m384-9gc6-jc6v
https://images.chainguard.dev/security/CGA-j26w-9r84-m769
https://images.chainguard.dev/security/CGA-7wx6-qmq7-wvgp
https://images.chainguard.dev/security/CGA-rcxv-c72q-8977
https://images.chainguard.dev/security/CGA-7p9h-pp52-hp3x
https://images.chainguard.dev/security/CGA-3w2v-p4xw-mwgh
https://images.chainguard.dev/security/CGA-23cc-93gv-875j
https://images.chainguard.dev/security/CGA-88rq-qcfv-cvwg
https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

The trusted source for open source

Talk to an expert

Privacy

Terms

CVE-2024-29371

Severity

Description

References

Affected packages

The trusted source for open source

Product

Solutions

Customers

Resources

Company