
Commit 550db0f

1 parent fc21c65 commit 550db0f


1 file changed

+33
-4
lines changed


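--- a/advisories/unreviewed/2025/12/GHSA-3677-xxcr-wjqv/GHSA-3677-xxcr-wjqv.json
+++ b/advisories/github-reviewed/2025/12/GHSA-3677-xxcr-wjqv/GHSA-3677-xxcr-wjqv.json
@@ -1,36 +1,65 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-3677-xxcr-wjqv",
-"modified": "2025-12-17T21:30:46Z",
+"modified": "2025-12-18T15:34:32Z",
 "published": "2025-12-17T18:31:33Z",
 "aliases": [
 "CVE-2024-29371"
 ],
+"summary": "jose4j is vulnerable to DoS via compressed JWE content",
 "details": "In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.",
 "severity": [
 {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
 }
 ],
-"affected": [],
+"affected": [
+{
+"package": {
+"ecosystem": "Maven",
+"name": "org.bitbucket.b_c:jose4j"
+},
+"ranges": [
+{
+"type": "ECOSYSTEM",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.9.5"
+}
+]
+}
+]
+}
+],
 "references": [
 {
 "type": "ADVISORY",
 "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-29371"
 },
+{
+"type": "WEB",
+"url": "https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf"
+},
 {
 "type": "WEB",
 "url": "https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack"
+},
+{
+"type": "PACKAGE",
+"url": "https://bitbucket.org/b_c/jose4j/wiki/Home"
 }
 ],
 "database_specific": {
 "cwe_ids": [
 "CWE-1259"
 ],
 "severity": "HIGH",
-"github_reviewed": false,
-"github_reviewed_at": null,
+"github_reviewed": true,
+"github_reviewed_at": "2025-12-18T15:34:32Z",
 "nvd_published_at": "2025-12-17T16:16:04Z"
 }
 }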
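Review bot: The `cwe_ids` entry stays `CWE-1259` while this change marks the advisory as reviewed, and that identifier does not match the issue described in `details`. CWE-1259 is Improper Restriction of Security Token Assignment, a hardware-design weakness, whereas the text describes a JWE payload with an extreme compression ratio exhausting memory and processing time during decompression; the value was presumably carried over from the NVD record. I would change the entry to `"CWE-409"` (Improper Handling of Highly Compressed Data), so that tooling which filters or groups advisories by CWE classifies this one as a resource-exhaustion issue.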
