{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T14:07:44.959","vulnerabilities":[{"cve":{"id":"CVE-2024-21664","sourceIdentifier":"security-advisories@github.com","published":"2024-01-09T20:15:43.740","lastModified":"2024-11-21T08:54:49.440","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.\n"},{"lang":"es","value":"jwx es un módulo Go que implementa varias tecnologías JWx (JWA/JWE/JWK/JWS/JWT, también conocidas como JOSE). Llamar a `jws.Parse` con un payload serializado JSON donde el campo `signature` está presente mientras que `protected` está ausente puede provocar una desreferencia del puntero nulo. La vulnerabilidad se puede utilizar para bloquear/DOS un sistema que realiza la verificación JWS. Esta vulnerabilidad ha sido parcheada en la versión 2.0.19."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-476"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*","versionEndExcluding":"2.0.19","matchCriteriaId":"5BC42760-3661-434C-8568-AF4B49498561"}]}]}],"references":[{"url":"https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/lestrrat-go/jwx/commit/8c53d0ae52d5ab1e2b37c5abb67def9e7958fd65","source":"security-advisories@github.com"},{"url":"https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/lestrrat-go/jwx/commit/8c53d0ae52d5ab1e2b37c5abb67def9e7958fd65","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}