Improper Restriction of Security Token Assignment

CVE-2024-29371

High

7.5/10

Summary

In jose4j versions prior to 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-1259 - Improper Restriction of Security Token Assignment

The System-On-A-Chip (SoC) implements a Security Token mechanism to differentiate what actions are allowed or disallowed when a transaction originates from an entity. However, the Security Tokens are improperly protected.

References

Advisory
Issue

Advisory Timeline

Published Dec 17, 2025

Improper Restriction of Security Token Assignment

CVE-2024-29371

Summary

CWE-1259 - Improper Restriction of Security Token Assignment

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS