Medium severity6.8NVD Advisory· Published Mar 9, 2024· Updated Jun 17, 2026
CVE-2024-28122
CVE-2024-28122
Description
JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/lestrrat-go/jwx/v2Go | < 2.0.21 | 2.0.21 |
github.com/lestrrat-go/jwxGo | < 1.2.29 | 1.2.29 |
Affected products
113- osv-coords112 versionspkg:apk/chainguard/boring-registrypkg:apk/chainguard/boring-registry-fipspkg:apk/chainguard/external-secrets-0.7pkg:apk/chainguard/external-secrets-0.7-compatpkg:apk/chainguard/external-secrets-fipspkg:apk/chainguard/external-secrets-operatorpkg:apk/chainguard/falcopkg:apk/chainguard/falcoctlpkg:apk/chainguard/falcoctl-fipspkg:apk/chainguard/falco-devpkg:apk/chainguard/falco-srcpkg:apk/chainguard/istio-cni-1.19pkg:apk/chainguard/istio-cni-1.19-compatpkg:apk/chainguard/istio-cni-1.20pkg:apk/chainguard/istio-cni-1.20-compatpkg:apk/chainguard/istio-cni-fips-1.19pkg:apk/chainguard/istio-cni-fips-1.19-compatpkg:apk/chainguard/istio-cni-fips-1.20pkg:apk/chainguard/istio-cni-fips-1.20-compatpkg:apk/chainguard/istio-fips-1.20pkg:apk/chainguard/istio-install-cni-1.19pkg:apk/chainguard/istio-install-cni-1.19-compatpkg:apk/chainguard/istio-install-cni-1.20pkg:apk/chainguard/istio-install-cni-1.20-compatpkg:apk/chainguard/istio-install-cni-fips-1.19pkg:apk/chainguard/istio-install-cni-fips-1.19-compatpkg:apk/chainguard/istio-install-cni-fips-1.20pkg:apk/chainguard/istio-install-cni-fips-1.20-compatpkg:apk/chainguard/istio-operator-1.19pkg:apk/chainguard/istio-operator-1.20pkg:apk/chainguard/istio-operator-fips-1.19pkg:apk/chainguard/istio-operator-fips-1.20pkg:apk/chainguard/istio-pilot-agent-1.19pkg:apk/chainguard/istio-pilot-agent-1.19-compatpkg:apk/chainguard/istio-pilot-agent-1.20pkg:apk/chainguard/istio-pilot-agent-1.20-compatpkg:apk/chainguard/istio-pilot-agent-fips-1.19pkg:apk/chainguard/istio-pilot-agent-fips-1.19-compatpkg:apk/chainguard/istio-pilot-agent-fips-1.20pkg:apk/chainguard/istio-pilot-agent-fips-1.20-compatpkg:apk/chainguard/istio-pilot-discovery-1.19pkg:apk/chainguard/istio-pilot-discovery-1.19-compatpkg:apk/chainguard/istio-pilot-discovery-1.20pkg:apk/chainguard/istio-pilot-discovery-1.20-compatpkg:apk/chainguard/istio-pilot-discovery-fips-1.19pkg:apk/chainguard/istio-pilot-discovery-fips-1.19-compatpkg:apk/chainguard/istio-pilot-discovery-fips-1.20pkg:apk/chainguard/kyvernopkg:apk/chainguard/kyverno-background-controllerpkg:apk/chainguard/kyverno-cleanup-controllerpkg:apk/chainguard/kyverno-clipkg:apk/chainguard/kyverno-init-containerpkg:apk/chainguard/kyverno-reports-controllerpkg:apk/chainguard/mcpkg:apk/chainguard/mc-bitnami-2024-compatpkg:apk/chainguard/mc-bitnami-2025-compatpkg:apk/chainguard/mc-fipspkg:apk/chainguard/mc-iamguarded-2025-compatpkg:apk/chainguard/miniopkg:apk/chainguard/minio-bitnami-2024-compatpkg:apk/chainguard/minio-bitnami-2025-compatpkg:apk/chainguard/minio-fipspkg:apk/chainguard/minio-iamguarded-2025-compatpkg:apk/chainguard/spire-agentpkg:apk/chainguard/spire-agent-fipspkg:apk/chainguard/spire-oidc-discovery-providerpkg:apk/chainguard/spire-oidc-discovery-provider-fipspkg:apk/chainguard/spire-serverpkg:apk/chainguard/spire-server-fipspkg:apk/wolfi/boring-registrypkg:apk/wolfi/external-secrets-operatorpkg:apk/wolfi/falcopkg:apk/wolfi/falcoctlpkg:apk/wolfi/falco-devpkg:apk/wolfi/falco-srcpkg:apk/wolfi/istio-cni-1.19pkg:apk/wolfi/istio-cni-1.19-compatpkg:apk/wolfi/istio-cni-1.20pkg:apk/wolfi/istio-cni-1.20-compatpkg:apk/wolfi/istio-install-cni-1.19pkg:apk/wolfi/istio-install-cni-1.19-compatpkg:apk/wolfi/istio-install-cni-1.20pkg:apk/wolfi/istio-install-cni-1.20-compatpkg:apk/wolfi/istio-operator-1.19pkg:apk/wolfi/istio-operator-1.20pkg:apk/wolfi/istio-pilot-agent-1.19pkg:apk/wolfi/istio-pilot-agent-1.19-compatpkg:apk/wolfi/istio-pilot-agent-1.20pkg:apk/wolfi/istio-pilot-agent-1.20-compatpkg:apk/wolfi/istio-pilot-discovery-1.19pkg:apk/wolfi/istio-pilot-discovery-1.19-compatpkg:apk/wolfi/istio-pilot-discovery-1.20pkg:apk/wolfi/istio-pilot-discovery-1.20-compatpkg:apk/wolfi/kyvernopkg:apk/wolfi/kyverno-background-controllerpkg:apk/wolfi/kyverno-cleanup-controllerpkg:apk/wolfi/kyverno-clipkg:apk/wolfi/kyverno-init-containerpkg:apk/wolfi/kyverno-reports-controllerpkg:apk/wolfi/mcpkg:apk/wolfi/mc-bitnami-2024-compatpkg:apk/wolfi/mc-bitnami-2025-compatpkg:apk/wolfi/mc-iamguarded-2025-compatpkg:apk/wolfi/miniopkg:apk/wolfi/minio-bitnami-2024-compatpkg:apk/wolfi/minio-bitnami-2025-compatpkg:apk/wolfi/minio-iamguarded-2025-compatpkg:apk/wolfi/spire-agentpkg:apk/wolfi/spire-oidc-discovery-providerpkg:apk/wolfi/spire-serverpkg:golang/github.com/lestrrat-go/jwxpkg:golang/github.com/lestrrat-go/jwx/v2
< 0.13.2-r2+ 111 more
- (no CPE)range: < 0.13.2-r2
- (no CPE)range: < 0.13.2-r2
- (no CPE)range: < 0.7.3-r1
- (no CPE)range: < 0.7.3-r1
- (no CPE)range: < 0.9.13-r2
- (no CPE)range: < 0.9.13-r3
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.7.3-r3
- (no CPE)range: < 0.7.3-r3
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.7-r2
- (no CPE)range: < 1.19.7-r2
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.7-r2
- (no CPE)range: < 1.19.7-r2
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.7-r4
- (no CPE)range: < 1.19.7-r4
- (no CPE)range: < 1.20.3-r2
- (no CPE)range: < 1.20.3-r2
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20240131.085940-r2
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20240131.202033-r2
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.9.2-r0
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.9.2-r0
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.9.2-r0
- (no CPE)range: < 0.13.2-r2
- (no CPE)range: < 0.9.13-r3
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.7.3-r3
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 0.37.1-r0
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.19.7-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r4
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.19.8-r1
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.20.3-r3
- (no CPE)range: < 1.19.7-r4
- (no CPE)range: < 1.19.7-r4
- (no CPE)range: < 1.20.3-r2
- (no CPE)range: < 1.20.3-r2
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 1.11.4-r6
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.071422-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 0.20231220.010002-r4
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.9.1-r2
- (no CPE)range: < 1.2.29
- (no CPE)range: < 2.0.21
- Range: >= 2.0.0, < 2.0.21
Patches
Vulnerability mechanics
References
7- github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-hj3v-m684-v259ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2024-28122ghsaADVISORY
- github.com/lestrrat-go/jwx/commit/d01027d74c7376d66037a10f4f64af9af26a7e34ghsaWEB
- github.com/lestrrat-go/jwx/commit/d43f2ceb7f0c13714dfe8854d6439766e86faa76ghsaWEB
- github.com/lestrrat-go/jwx/releases/tag/v1.2.29nvdProductRelease NotesWEB
- github.com/lestrrat-go/jwx/releases/tag/v2.0.21nvdProductRelease NotesWEB
News mentions
0No linked articles in our index yet.