[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2024-28176":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":86,"aliases":87,"duplicate_of":9,"upstream":89,"downstream":90,"duplicates":107,"related":108,"reserved_at":9,"published_at":114,"modified_at":115,"state":116,"summary":117,"references_raw":126,"kevs":198,"epss":199,"epss_history":202,"metrics":466,"affected":483},"CVE-2024-28176","jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has \n been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-400","Uncontrolled Resource Consumption","The product does not properly control the allocation and maintenance of a limited resource.","weakness","Draft","Class","High",[20,24,82],{"id":21,"name":22,"techniques":23},"CAPEC-147","XML Ping of the Death",[],{"id":25,"name":26,"techniques":27},"CAPEC-227","Sustained Client Engagement",[28],{"id":29,"name":30,"tactics":31,"countermeasures":35},"T1499","Endpoint Denial of Service",[32],{"id":33,"name":34},"TA0105","Impact",[36,41,45,49,53,57,61,65,69,73,78],{"id":37,"name":38,"tactic":39},"D3-UGLPA","User Geolocation Logon Pattern Analysis",{"name":40},"Detect",{"id":42,"name":43,"tactic":44},"D3-PMAD","Protocol Metadata Anomaly Detection",{"name":40},{"id":46,"name":47,"tactic":48},"D3-CSPP","Client-server Payload Profiling",{"name":40},{"id":50,"name":51,"tactic":52},"D3-PHDURA","Per Host Download-Upload Ratio Analysis",{"name":40},{"id":54,"name":55,"tactic":56},"D3-NTSA","Network Traffic Signature Analysis",{"name":40},{"id":58,"name":59,"tactic":60},"D3-APCA","Application Protocol Command Analysis",{"name":40},{"id":62,"name":63,"tactic":64},"D3-NTCD","Network Traffic Community Deviation",{"name":40},{"id":66,"name":67,"tactic":68},"D3-RTSD","Remote Terminal Session Detection",{"name":40},{"id":70,"name":71,"tactic":72},"D3-ISVA","Inbound Session Volume Analysis",{"name":40},{"id":74,"name":75,"tactic":76},"D3-NTF","Network Traffic Filtering",{"name":77},"Isolate",{"id":79,"name":80,"tactic":81},"D3-ITF","Inbound Traffic Filtering",{"name":77},{"id":83,"name":84,"techniques":85},"CAPEC-492","Regular Expression Exponential Blowup",[],[],[88],"GHSA-hhhv-q57g-882q",[],[91,93,95,97,99,101,103,105],{"_key":92},"UBUNTU-CVE-2024-28176",{"_key":94},"MGASA-2024-0343",{"_key":96},"RHSA-2024:3826",{"_key":98},"RHSA-2024:3827",{"_key":100},"RHSA-2024:3968",{"_key":102},"RHSA-2024:5294",{"_key":104},"RHSA-2024:9181",{"_key":106},"RHSA-2024:0045",[],[109,110,112],{"_key":94},{"_key":111},"CGA-4G5X-9Q7Q-8VHR",{"_key":113},"CGA-VV94-RV5Q-C7MC","2024-03-09T00:43:06.930Z","2025-02-13T17:47:26.104Z","Analyzed",{"cisa_kev":118,"cisa_ransomware":118,"cisa_vendor":9,"epss_severity":119,"epss_score":120,"severity":121,"severity_score":122,"severity_version":123,"severity_source":124,"severity_vector":125,"severity_status":116},false,"low",0.00572,"medium",5.9,"v3.1","nvd","CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",[127,136,142,146,152,156,160,164,168,173,178,182,186,190,194],{"url":128,"sources":129,"tags":132},"https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q",[130,124,131],"cve.org","osv_npm",[133,134,135],"X Refsource CONFIRM","Vendor Advisory","WEB",{"url":137,"sources":138,"tags":139},"https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314",[130,124,131],[140,141,135],"X Refsource MISC","Patch",{"url":143,"sources":144,"tags":145},"https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b",[130,124,131],[140,141,135],{"url":147,"sources":148,"tags":149},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/",[130,124],[150,151],"Mailing List","Third Party Advisory",{"url":153,"sources":154,"tags":155},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/",[130,124],[150,151],{"url":157,"sources":158,"tags":159},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG/",[130,124],[150,151],{"url":161,"sources":162,"tags":163},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY/",[130,124],[150,151],{"url":165,"sources":166,"tags":167},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG/",[130,124],[150,151],{"url":169,"sources":170,"tags":171},"https://nvd.nist.gov/vuln/detail/CVE-2024-28176",[131],[172],"Advisory",{"url":174,"sources":175,"tags":176},"https://github.com/panva/jose",[131],[177],"PACKAGE",{"url":179,"sources":180,"tags":181},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6MMWFBOXJA6ZCXNVPDFJ4XMK5PVG5RG",[131],[135],{"url":183,"sources":184,"tags":185},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY",[131],[135],{"url":187,"sources":188,"tags":189},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UG5FSEYJ3GP27FZXC5YAAMMEC5XWKJHG",[131],[135],{"url":191,"sources":192,"tags":193},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UJO2U5ACZVACNQXJ5EBRFLFW6DP5BROY",[131],[135],{"url":195,"sources":196,"tags":197},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH",[131],[135],[],{"date":200,"score":120,"percentile":201},"2026-06-04",0.69023,[203,207,210,213,216,219,222,225,228,231,234,237,240,243,246,250,253,256,259,262,265,268,271,274,277,280,283,286,289,292,294,296,299,303,306,308,311,314,317,320,323,325,328,331,334,337,340,343,346,349,352,355,358,361,364,367,370,373,376,379,382,385,387,389,392,395,398,401,404,407,410,413,416,419,421,424,427,430,432,435,438,441,444,447,450,452,455,457,460,463],{"date":204,"score":205,"percentile":206},"2025-11-04",0.00182,0.40183,{"date":208,"score":205,"percentile":209},"2025-11-05",0.40177,{"date":211,"score":205,"percentile":212},"2025-11-06",0.4018,{"date":214,"score":205,"percentile":215},"2025-11-07",0.40208,{"date":217,"score":205,"percentile":218},"2025-11-08",0.40201,{"date":220,"score":205,"percentile":221},"2025-11-09",0.40185,{"date":223,"score":205,"percentile":224},"2025-11-10",0.4015,{"date":226,"score":205,"percentile":227},"2025-11-11",0.40167,{"date":229,"score":205,"percentile":230},"2025-11-12",0.40199,{"date":232,"score":205,"percentile":233},"2025-11-13",0.40212,{"date":235,"score":205,"percentile":236},"2025-11-14",0.40211,{"date":238,"score":205,"percentile":239},"2025-11-15",0.40207,{"date":241,"score":205,"percentile":242},"2025-11-16",0.4019,{"date":244,"score":205,"percentile":245},"2025-11-17",0.40161,{"date":247,"score":248,"percentile":249},"2025-11-18",0.00432,0.59967,{"date":251,"score":248,"percentile":252},"2025-11-19",0.5998,{"date":254,"score":248,"percentile":255},"2025-11-20",0.5997,{"date":257,"score":205,"percentile":258},"2025-11-21",0.40162,{"date":260,"score":205,"percentile":261},"2025-11-22",0.40164,{"date":263,"score":205,"percentile":264},"2025-11-23",0.40135,{"date":266,"score":205,"percentile":267},"2025-11-24",0.40125,{"date":269,"score":205,"percentile":270},"2025-11-25",0.40137,{"date":272,"score":205,"percentile":273},"2025-11-26",0.40129,{"date":275,"score":205,"percentile":276},"2025-11-27",0.40136,{"date":278,"score":205,"percentile":279},"2025-11-28",0.40111,{"date":281,"score":205,"percentile":282},"2025-11-29",0.40085,{"date":284,"score":205,"percentile":285},"2025-11-30",0.40066,{"date":287,"score":205,"percentile":288},"2025-12-01",0.40189,{"date":290,"score":205,"percentile":291},"2025-12-02",0.40196,{"date":293,"score":205,"percentile":218},"2025-12-03",{"date":295,"score":205,"percentile":285},"2025-12-04",{"date":297,"score":205,"percentile":298},"2025-12-05",0.40097,{"date":300,"score":301,"percentile":302},"2025-12-06",0.00422,0.613,{"date":304,"score":301,"percentile":305},"2025-12-07",0.61295,{"date":307,"score":301,"percentile":302},"2025-12-08",{"date":309,"score":301,"percentile":310},"2025-12-09",0.61338,{"date":312,"score":301,"percentile":313},"2025-12-10",0.61384,{"date":315,"score":301,"percentile":316},"2025-12-11",0.61403,{"date":318,"score":301,"percentile":319},"2025-12-12",0.61427,{"date":321,"score":301,"percentile":322},"2025-12-13",0.61432,{"date":324,"score":301,"percentile":322},"2025-12-14",{"date":326,"score":301,"percentile":327},"2025-12-15",0.61411,{"date":329,"score":301,"percentile":330},"2025-12-16",0.6143,{"date":332,"score":301,"percentile":333},"2025-12-17",0.61447,{"date":335,"score":301,"percentile":336},"2025-12-18",0.61487,{"date":338,"score":301,"percentile":339},"2025-12-19",0.61498,{"date":341,"score":301,"percentile":342},"2025-12-20",0.61497,{"date":344,"score":301,"percentile":345},"2025-12-21",0.61485,{"date":347,"score":301,"percentile":348},"2025-12-22",0.61475,{"date":350,"score":301,"percentile":351},"2025-12-23",0.6149,{"date":353,"score":301,"percentile":354},"2025-12-24",0.61501,{"date":356,"score":301,"percentile":357},"2025-12-25",0.61533,{"date":359,"score":301,"percentile":360},"2025-12-26",0.61528,{"date":362,"score":301,"percentile":363},"2025-12-27",0.61577,{"date":365,"score":301,"percentile":366},"2025-12-28",0.61502,{"date":368,"score":301,"percentile":369},"2025-12-29",0.61499,{"date":371,"score":301,"percentile":372},"2025-12-30",0.61513,{"date":374,"score":301,"percentile":375},"2025-12-31",0.61536,{"date":377,"score":301,"percentile":378},"2026-01-01",0.61723,{"date":380,"score":301,"percentile":381},"2026-01-02",0.61712,{"date":383,"score":301,"percentile":384},"2026-01-03",0.61707,{"date":386,"score":301,"percentile":372},"2026-01-04",{"date":388,"score":301,"percentile":366},"2026-01-05",{"date":390,"score":301,"percentile":391},"2026-01-06",0.61512,{"date":393,"score":301,"percentile":394},"2026-01-07",0.61535,{"date":396,"score":301,"percentile":397},"2026-01-08",0.6156,{"date":399,"score":301,"percentile":400},"2026-01-09",0.61563,{"date":402,"score":301,"percentile":403},"2026-01-10",0.61557,{"date":405,"score":301,"percentile":406},"2026-01-11",0.61542,{"date":408,"score":301,"percentile":409},"2026-01-12",0.61516,{"date":411,"score":301,"percentile":412},"2026-01-13",0.61496,{"date":414,"score":301,"percentile":415},"2026-01-14",0.61539,{"date":417,"score":301,"percentile":418},"2026-01-15",0.61537,{"date":420,"score":301,"percentile":403},"2026-01-16",{"date":422,"score":301,"percentile":423},"2026-01-17",0.6155,{"date":425,"score":301,"percentile":426},"2026-01-18",0.61547,{"date":428,"score":301,"percentile":429},"2026-01-19",0.61518,{"date":431,"score":301,"percentile":357},"2026-01-20",{"date":433,"score":301,"percentile":434},"2026-01-21",0.61541,{"date":436,"score":301,"percentile":437},"2026-01-22",0.61544,{"date":439,"score":301,"percentile":440},"2026-01-23",0.61579,{"date":442,"score":301,"percentile":443},"2026-01-24",0.61584,{"date":445,"score":301,"percentile":446},"2026-01-25",0.61548,{"date":448,"score":301,"percentile":449},"2026-01-26",0.61538,{"date":451,"score":301,"percentile":406},"2026-01-27",{"date":453,"score":301,"percentile":454},"2026-01-28",0.61551,{"date":456,"score":301,"percentile":454},"2026-01-29",{"date":458,"score":301,"percentile":459},"2026-01-30",0.61555,{"date":461,"score":301,"percentile":462},"2026-01-31",0.61561,{"date":464,"score":301,"percentile":465},"2026-02-01",0.61696,[467,474,477],{"source":130,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":468,"cvss_v4_0":9},{"baseScore":469,"baseSeverity":470,"vectorString":471,"impactScore":472,"exploitabilityScore":473},4.9,"MEDIUM","CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",6,3.1,{"source":124,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":475,"cvss_v4_0":9},{"baseScore":122,"baseSeverity":470,"vectorString":125,"impactScore":472,"exploitabilityScore":476},5.6,{"source":131,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":478,"cvss_v4_0":9},{"baseScore":479,"baseSeverity":9,"vectorString":480,"impactScore":481,"exploitabilityScore":482},5.3,"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",2.3,10,[484,496,509,518,523,527],{"ecosystem":9,"name":485,"vendor":486,"product":485,"cpe_part":487,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":488},"fedora","fedoraproject","o",[489],{"version":490,"is_range":491,"range_type":492,"version_start":493,"version_start_type":494,"version_end":495,"version_end_type":494,"fixed_in":9},"gte38_lte40",true,"cpe","38","including","40",{"ecosystem":9,"name":497,"vendor":498,"product":497,"cpe_part":499,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":500},"jose","jose_project","a",[501,505],{"version":502,"is_range":491,"range_type":492,"version_start":9,"version_start_type":9,"version_end":503,"version_end_type":504,"fixed_in":9},"lt2.0.7","2.0.7","excluding",{"version":506,"is_range":491,"range_type":492,"version_start":507,"version_start_type":494,"version_end":508,"version_end_type":504,"fixed_in":9},"gte3.0.0_lt4.15.5","3.0.0","4.15.5",{"ecosystem":510,"name":497,"vendor":510,"product":497,"cpe_part":9,"purl_type":511,"purl_namespace":9,"purl_name":497,"source":9,"versions":512},"Npm","npm",[513,516],{"version":514,"is_range":491,"range_type":515,"version_start":507,"version_start_type":494,"version_end":508,"version_end_type":504,"fixed_in":9},"gte3_0_0_lt4_15_5","semver",{"version":517,"is_range":491,"range_type":515,"version_start":9,"version_start_type":9,"version_end":503,"version_end_type":504,"fixed_in":9},"lt2_0_7",{"ecosystem":510,"name":519,"vendor":510,"product":519,"cpe_part":9,"purl_type":511,"purl_namespace":9,"purl_name":519,"source":9,"versions":520},"jose-node-cjs-runtime",[521],{"version":522,"is_range":491,"range_type":515,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":504,"fixed_in":9},"lt4_15_5",{"ecosystem":510,"name":524,"vendor":510,"product":524,"cpe_part":9,"purl_type":511,"purl_namespace":9,"purl_name":524,"source":9,"versions":525},"jose-node-esm-runtime",[526],{"version":522,"is_range":491,"range_type":515,"version_start":9,"version_start_type":9,"version_end":508,"version_end_type":504,"fixed_in":9},{"ecosystem":9,"name":497,"vendor":528,"product":497,"cpe_part":499,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":529},"panva",[530,533],{"version":531,"is_range":491,"range_type":130,"version_start":507,"version_start_type":494,"version_end":532,"version_end_type":494,"fixed_in":9},">= 3.0.0, \u003C= 4.15.4","4.15.4",{"version":534,"is_range":491,"range_type":130,"version_start":9,"version_start_type":9,"version_end":503,"version_end_type":504,"fixed_in":9},"\u003C 2.0.7"]