{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T19:42:14.512","vulnerabilities":[{"cve":{"id":"CVE-2024-28122","sourceIdentifier":"security-advisories@github.com","published":"2024-03-09T01:15:06.940","lastModified":"2026-06-17T07:21:00.713","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":" JWX is Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21."},{"lang":"es","value":"JWX es un módulo Go que implementa varias tecnologías JWx (JWA/JWE/JWK/JWS/JWT, también conocidas como JOSE). Esta vulnerabilidad permite a un atacante con una clave pública confiable provocar una condición de denegación de servicio (DoS) mediante la creación de un token JSON Web Encryption (JWE) malicioso con una relación de compresión excepcionalmente alta. Este problema se solucionó en las versiones 1.2.29 y 2.0.21."}],"affected":[{"source":"security-advisories@github.com","affectedData":[{"vendor":"lestrrat-go","product":"jwx","versions":[{"version":">= 2.0.0, < 2.0.21","status":"affected"},{"version":">= 1.2.0, < 1.2.29","status":"affected"}]}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","affectedData":[{"vendor":"lestrrat-go","product":"jwx","defaultStatus":"unknown","cpes":["cpe:2.3:a:lestrrat-go:jwx:2.0.0:*:*:*:*:*:*:*"],"versions":[{"version":"2.0.0","lessThan":"2.0.21","versionType":"custom","status":"affected"}]},{"vendor":"lestrrat-go","product":"jwx","defaultStatus":"unknown","cpes":["cpe:2.3:a:lestrrat-go:jwx:1.2.0:*:*:*:*:*:*:*"],"versions":[{"version":"1.2.0","lessThan":"1.2.29","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.0}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2024-03-11T16:48:06.985221Z","id":"CVE-2024-28122","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-400"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*","versionEndExcluding":"1.2.29","matchCriteriaId":"79C2CC9A-8D3D-4779-9948-92DCF7AB83FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:lestrrat-go:jwx:*:*:*:*:*:*:*:*","versionStartIncluding":"2.0.0","versionEndExcluding":"2.0.21","matchCriteriaId":"2F88C1FB-C158-42C7-B032-DC5B7DC21134"}]}]}],"references":[{"url":"https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Release Notes"]},{"url":"https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Product","Release Notes"]},{"url":"https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]}]}}]}