CVE-2024-28122

Source: Red Hat (redhat.com, access.redhat.com), RH:CVE-2024-28122
Date: 2024-03-10 09:37:46

Tags: jwx, resource consumption, vulnerability, denial of service, jwe token, compression ratio, 2024-28122, trusted public key

CVSS3: 6.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H

EPSS: 0
Percentile: 15.5%

An uncontrolled resource consumption vulnerability was found in jwx. This flaw allows an attacker with a trusted public key to cause a denial of service condition by crafting a malicious JWE token with an exceptionally high compression ratio.
