VYPR
Medium severity5.3OSV Advisory· Published Apr 4, 2024· Updated Apr 15, 2026

CVE-2024-31209

CVE-2024-31209

Description

oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by Atom exhaustion is possible by calling oidcc_provider_configuration_worker:get_provider_configuration/1 or oidcc_provider_configuration_worker:get_jwks/1. This issue has been patched in version(s)3.1.2 & 3.2.0-beta.3.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
oidccHex
>= 3.0.0, < 3.0.23.0.2
oidccHex
>= 3.1.0, < 3.1.23.1.2
oidccHex
>= 3.2.0-beta.1, < 3.2.0-beta.33.2.0-beta.3

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.