VYPR
Medium severity6.8NVD Advisory· Published Mar 9, 2024· Updated Jun 17, 2026

CVE-2024-28122

CVE-2024-28122

Description

JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/lestrrat-go/jwx/v2Go
< 2.0.212.0.21
github.com/lestrrat-go/jwxGo
< 1.2.291.2.29

Affected products

113

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.