{"id":"GO-2024-2454","summary":"Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2","details":"Panic due to nil pointer dereference in github.com/lestrrat-go/jwx/v2","aliases":["CVE-2024-21664","GHSA-pvcr-v8j8-j5q3"],"modified":"2026-03-17T04:49:05.656317Z","published":"2024-01-23T18:01:33Z","related":["CGA-rg2f-wh8h-jrh5"],"database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2024-2454"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-21664"},{"type":"FIX","url":"https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f"},{"type":"FIX","url":"https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd"}],"affected":[{"package":{"name":"github.com/lestrrat-go/jwx","ecosystem":"Go","purl":"pkg:golang/github.com/lestrrat-go/jwx"},"ranges":[{"type":"SEMVER","events":[{"introduced":"1.0.8"},{"fixed":"1.2.28"}]}],"ecosystem_specific":{"imports":[{"symbols":["Message.UnmarshalJSON"],"path":"github.com/lestrrat-go/jwx/jws"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2454.json"}},{"package":{"name":"github.com/lestrrat-go/jwx/v2","ecosystem":"Go","purl":"pkg:golang/github.com/lestrrat-go/jwx/v2"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"2.0.19"}]}],"ecosystem_specific":{"imports":[{"symbols":["Message.UnmarshalJSON"],"path":"github.com/lestrrat-go/jwx/v2/jws"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2024-2454.json"}}],"schema_version":"1.7.5"}