CVE-2024-28122

Published
View on NVD ↗
CVSS v3
6.8
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT

Description

JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.

lestrrat-go/jwx
lestrrat-go/jwx
Complete implementation of JWx (Javascript Object Signing and Encryption/JOSE) technologies for Go. #golang #jwt #jws #jwk #jwe
GitHubGitHub
2.39K