Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/eap8-netty-xnio-transport@0.1.10-1.Final_redhat_00001.1?arch=el8eap
Type rpm
Namespace redhat
Name eap8-netty-xnio-transport
Version 0.1.10-1.Final_redhat_00001.1
Qualifiers
arch el8eap
Subpath
Is_vulnerable true
Next_non_vulnerable_version null
Latest_non_vulnerable_version null
Affected_by_vulnerabilities
0
url VCID-8mj8-rxf8-qyau
vulnerability_id VCID-8mj8-rxf8-qyau
summary
jose4j is vulnerable to DoS via compressed JWE content
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29371.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05099
published_at 2026-04-16T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05143
published_at 2026-04-04T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05216
published_at 2026-04-09T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05198
published_at 2026-04-08T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05114
published_at 2026-04-02T12:55:00Z
5
value 0.00019
scoring_system epss
scoring_elements 0.05165
published_at 2026-04-07T12:55:00Z
6
value 0.00019
scoring_system epss
scoring_elements 0.05156
published_at 2026-04-13T12:55:00Z
7
value 0.00019
scoring_system epss
scoring_elements 0.05169
published_at 2026-04-12T12:55:00Z
8
value 0.00019
scoring_system epss
scoring_elements 0.05185
published_at 2026-04-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-29371
2
reference_url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/commits/19a90a64c47bb07c4aa5462f1316d5c293d81fcf
3
reference_url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-17T18:38:20Z/
url https://bitbucket.org/b_c/jose4j/issues/220/vuln-zip-bomb-attack
4
reference_url https://bitbucket.org/b_c/jose4j/wiki/Home
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/b_c/jose4j/wiki/Home
5
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
reference_id 2423194
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2423194
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
reference_id CVE-2024-29371
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-29371
8
reference_url https://github.com/advisories/GHSA-3677-xxcr-wjqv
reference_id GHSA-3677-xxcr-wjqv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3677-xxcr-wjqv
9
reference_url https://access.redhat.com/errata/RHSA-2024:5479
reference_id RHSA-2024:5479
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5479
10
reference_url https://access.redhat.com/errata/RHSA-2024:5481
reference_id RHSA-2024:5481
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5481
11
reference_url https://access.redhat.com/errata/RHSA-2024:5482
reference_id RHSA-2024:5482
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:5482
12
reference_url https://access.redhat.com/errata/RHSA-2025:17299
reference_id RHSA-2025:17299
reference_type
scores
url https://access.redhat.com/errata/RHSA-2025:17299
fixed_packages
aliases CVE-2024-29371, GHSA-3677-xxcr-wjqv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8mj8-rxf8-qyau
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/eap8-netty-xnio-transport@0.1.10-1.Final_redhat_00001.1%3Farch=el8eap