Security
Headlines

Headlines Latest CVEs

Headline

GHSA-3677-xxcr-wjqv: jose4j is vulnerable to DoS via compressed JWE content

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

3 days ago

#web #dos #js #git #java #intel #bitbucket #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2024-29371

jose4j is vulnerable to DoS via compressed JWE content

High severity GitHub Reviewed Published Dec 17, 2025 to the GitHub Advisory Database • Updated Dec 18, 2025

Package

maven org.bitbucket.b_c:jose4j (Maven)

Affected versions

< 0.9.5

Description

Published to the GitHub Advisory Database

Dec 17, 2025

Last updated

Dec 18, 2025

EPSS score

ghsa: Latest News

GHSA-f43r-cc68-gpx4: External Control of File Name or Path in Langflow

19 hours ago

GHSA-5993-7p27-66g5: Langflow vulnerable to Server-Side Request Forgery

19 hours ago

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

21 hours ago

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

21 hours ago

GHSA-5j53-63w8-8625: FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

21 hours ago