CVE-2024-29371

Published: Dec 17, 2025

Modified: Jan 23, 2026

PUBLISHED

Description

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-29371

Description

Affected Products

References