CVE-2024-28176 Overview
A resource exhaustion vulnerability has been identified in the jose JavaScript module, which provides support for JSON Object Signing and Encryption (JOSE) standards including JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Key Set (JWKS). The vulnerability exists in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after decryption. Under certain conditions, an attacker can cause the target environment to consume unreasonable amounts of CPU time or memory during JWE Decryption operations, leading to denial of service.
Critical Impact
Applications using vulnerable versions of the jose library for JWE decryption may be susceptible to denial of service attacks through specially crafted JWE payloads that trigger excessive resource consumption during decompression.
Affected Products
- jose_project jose (versions prior to 2.0.7 and 4.15.5)
- Fedoraproject Fedora
Discovery Timeline
- March 9, 2024 - CVE CVE-2024-28176 published to NVD
- December 5, 2025 - Last updated in NVD database
Technical Details for CVE-2024-28176
Vulnerability Analysis
This vulnerability falls under the category of Resource Exhaustion (CWE-400), a type of denial of service vulnerability. The jose library implements JWE decryption with optional support for decompressing the plaintext payload after decryption. The vulnerability manifests when processing maliciously crafted JWE tokens that exploit the decompression mechanism.
When a JWE token specifies a compression algorithm in its header (such as DEF for DEFLATE compression), the library will attempt to decompress the decrypted plaintext. An attacker can craft a JWE token with a small compressed payload that expands to an extremely large size during decompression, commonly known as a "decompression bomb" or "zip bomb" attack. This can cause the target application to exhaust available memory or CPU resources while attempting to process the malicious payload.
The vulnerability requires network access but has high attack complexity as specific conditions must be met for exploitation. The impact is limited to availability, with no direct effect on confidentiality or integrity.
Root Cause
The root cause of this vulnerability is inadequate resource constraints in the JWE decompression implementation. The library did not properly limit the resources consumed during the decompression phase of JWE decryption, allowing specially crafted compressed payloads to expand disproportionately and exhaust system resources.
Attack Vector
The attack is network-based, requiring an attacker to send a malicious JWE token to an application that processes it using a vulnerable version of the jose library. The attack does not require authentication or user interaction, but the complexity is considered high as specific conditions must be present:
- The target application must accept JWE tokens from untrusted sources
- The JWE decryption must support compressed payloads
- The attacker must craft a JWE token that passes decryption but contains a decompression bomb
The attack mechanism involves creating a JWE token with a payload that has a very high compression ratio. When the library decrypts and then decompresses this payload, it attempts to allocate memory for the decompressed data, potentially exhausting available resources. For technical details on the vulnerability mechanism, see the GitHub Security Advisory.
Detection Methods for CVE-2024-28176
Indicators of Compromise
- Unusual memory consumption spikes in applications processing JWT/JWE tokens
- CPU utilization anomalies during token validation operations
- Application crashes or hangs during JWE decryption routines
- Increased latency or timeouts in authentication services
Detection Strategies
- Monitor application memory and CPU usage patterns for abnormal consumption during token processing
- Implement logging for JWE decryption operations and alert on failures or extended processing times
- Use dependency scanning tools to identify vulnerable versions of the jose library in your codebase
- Deploy runtime application security monitoring to detect resource exhaustion patterns
Monitoring Recommendations
- Set up alerts for memory usage thresholds on services that process JWE tokens
- Monitor Node.js process metrics for heap memory growth during authentication workflows
- Implement request timeout limits on endpoints that perform JWE decryption
- Configure resource quotas and limits in containerized environments to contain potential impact
How to Mitigate CVE-2024-28176
Immediate Actions Required
- Upgrade the jose library to version 2.0.7 or later (for 2.x branch) or version 4.15.5 or later (for 4.x branch)
- Review and inventory all applications using the jose library for JWE decryption
- Implement resource limits and timeouts for token processing operations
- Consider temporarily disabling JWE compression support if not required
Patch Information
The jose project has released patched versions that address this vulnerability. The fixes have been applied in versions 2.0.7 and 4.15.5. Detailed patch commits are available:
Fedora users should apply the latest package updates as announced through the Fedora Package Announcements.
Workarounds
- Disable JWE compression support in your application if the feature is not required
- Implement resource limits at the infrastructure level (memory limits, CPU quotas)
- Add request size validation before processing JWE tokens
- Deploy a web application firewall (WAF) to filter potentially malicious token payloads
# Update jose library to patched version
npm update jose@latest
# Or specify the exact patched version
npm install jose@4.15.5
# For applications using the 2.x branch
npm install jose@2.0.7
# Verify installed version
npm list jose
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
