How severe is CVE-2024-28180?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2024-28180?

This is classified as CWE-409, which is a common weakness in software security.

CVE-2024-28180

MEDIUM Year: 2024

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-409

View all →

Vulnerability Description

Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.

CVE-2024-54016

MEDIUM

CVSS:4.3(Medium)

Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in Apache Seata (incubating). This issue affects Apache Seata (incubating): through <=2.2.0. Users are recommended to upg...

CWE-4092024

CVE-2025-0986

MEDIUM

CVSS:4.5(Medium)

IBM PowerVM Hypervisor FW1050.00 through FW1050.30 and FW1060.00 through FW1060.20 could allow a local user, under certain Linux processor combability mode configurations, to cause undetected data los...

CWE-4092025

CVE-2023-26483

MEDIUM

CVSS:5.3(Medium)

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library en...

CWE-4092023

CVE-2022-37439

MEDIUM

CVSS:5.5(Medium)

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts t...

CWE-4092022

CVE-2017-16129

MEDIUM

CVSS:5.9(Medium)

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. ...

CWE-4092017

CVE-2024-28101

HIGH

CVSS:7.5(High)

The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. ...

CWE-4092024

CVE-2024-28180

Vulnerability Description

Related Vulnerabilities

CVE-2024-54016

CVE-2025-0986

CVE-2023-26483

CVE-2022-37439

CVE-2017-16129

CVE-2024-28101