PT-2025-18780 · Jose4J+2
Published: 2024-03-05 · Updated: 2026-05-18
CVE-2024-29371
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
jose4j versions prior to 0.9.5
Description
An attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When the server processes this token, decompression results in significant memory allocation and processing time.
Recommendations
Update to version 0.9.5 or later.
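The failure mode in the description comes from inflating attacker-supplied data without an output limit. The following is an added example, not jose4j's code and not the 0.9.5 fix: it inflates raw DEFLATE data (the format behind the JWE `"zip":"DEF"` header) and stops once a cap is reached. The class name `BoundedInflate`, the cap value and the sample input are assumptions made for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.util.zip.DataFormatException;
import java.util.zip.Deflater;
import java.util.zip.Inflater;

class BoundedInflate { // hypothetical class name, not part of jose4j
    // Assumed cap for this example; size it to the largest legitimate payload.
    static final int MAX_PLAINTEXT_BYTES = 250_000;

    // Inflates raw DEFLATE data, never buffering more than maxBytes of output.
    static byte[] inflate(byte[] compressed, int maxBytes) throws DataFormatException {
        Inflater inflater = new Inflater(true); // true = raw DEFLATE, no zlib header
        try {
            inflater.setInput(compressed);
            ByteArrayOutputStream out = new ByteArrayOutputStream();
            byte[] buf = new byte[4096];
            while (!inflater.finished()) {
                int n = inflater.inflate(buf);
                if (n == 0 && (inflater.needsInput() || inflater.needsDictionary())) {
                    throw new DataFormatException("truncated or unsupported DEFLATE stream");
                }
                if (out.size() + n > maxBytes) { // checked before the chunk is stored
                    throw new DataFormatException("decompressed size exceeds " + maxBytes + " bytes");
                }
                out.write(buf, 0, n);
            }
            return out.toByteArray();
        } finally {
            inflater.end(); // release native zlib memory on every path
        }
    }

    public static void main(String[] args) {
        // Constructed test input: 5 MB of zero bytes, which DEFLATE shrinks to a few KB.
        Deflater deflater = new Deflater(Deflater.BEST_COMPRESSION, true);
        deflater.setInput(new byte[5_000_000]);
        deflater.finish();
        ByteArrayOutputStream packed = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        while (!deflater.finished()) packed.write(buf, 0, deflater.deflate(buf));
        deflater.end();
        System.out.println("compressed bytes: " + packed.size());
        try {
            inflate(packed.toByteArray(), MAX_PLAINTEXT_BYTES);
        } catch (DataFormatException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A bound like this caps memory per token regardless of how small the compressed input is; it complements the upgrade and does not replace it.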
Exploit
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Confluence
Red Os
Jose4J