CVSS 3.1 Score 6.8 of 10 (medium)


Published Mar 9, 2024
Updated: Mar 11, 2024
CWE ID 400


CVE-2024-28122 is a vulnerability in the JWX Go module, which implements various JOSE (JWA/JWE/JWK/JWS/JWT) technologies. An attacker with a trusted public key can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. The issue has been patched in versions 1.2.29 and 2.0.21 of the module. With a base score of 6.8, the vulnerability poses a medium risk to organizations: if exploited through network attacks, it can disrupt service availability.
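
A general defense against this bug class, shown as an added example that is not the JWX module's patch or code: cap the inflated size when decompressing untrusted raw DEFLATE data, the algorithm behind the JWE "zip":"DEF" header. The names inflateBounded, deflate and ErrTooLarge, and the limits used, are assumptions for illustration.

```go
package main

import (
	"bytes"
	"compress/flate"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge reports that the inflated output would exceed the caller's limit.
var ErrTooLarge = errors.New("decompressed payload exceeds limit")

// inflateBounded (hypothetical helper) inflates raw DEFLATE data but never
// buffers more than maxOut+1 bytes, whatever the compression ratio is.
func inflateBounded(compressed []byte, maxOut int64) ([]byte, error) {
	r := flate.NewReader(bytes.NewReader(compressed))
	defer r.Close()
	// Read one byte past the limit so "exactly maxOut" and "over maxOut" differ.
	out, err := io.ReadAll(io.LimitReader(r, maxOut+1))
	if err != nil {
		return nil, err // corrupt or truncated stream
	}
	if int64(len(out)) > maxOut {
		return nil, ErrTooLarge
	}
	return out, nil
}

// deflate builds the constructed sample input used below.
func deflate(plain []byte) []byte {
	var buf bytes.Buffer
	w, _ := flate.NewWriter(&buf, flate.BestCompression)
	w.Write(plain)
	w.Close()
	return buf.Bytes()
}

func main() {
	sample := deflate(make([]byte, 1<<20)) // constructed: 1 MiB of zero bytes
	fmt.Printf("compressed size: %d bytes\n", len(sample))
	_, err := inflateBounded(sample, 64<<10)
	fmt.Println("64 KiB limit:", err)
	out, err := inflateBounded(sample, 1<<20)
	fmt.Println("1 MiB limit:", len(out), err)
}
```

The limit should be derived from the largest plaintext the application legitimately expects, not from the size of the incoming token.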
