Microsoft Identity Platform DoS Vulnerability (CVE-2024-21319)
CVE-2024-21319 Published on January 9, 2024

Microsoft Identity Denial of service vulnerability
Microsoft Identity Denial of service vulnerability

Github Repository Github Repository Github Repository Vendor Advisory NVD

Weakness Type

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Products Associated with CVE-2024-21319

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-21319 are published in these products:

Canonical Ubuntu Linux

Microsoft Net

Microsoft Identity Model

Microsoft Visual Studio 2022

Affected Versions

Microsoft .NET 6.0:

Version 6.0.0 and below 6.0.26 is affected.

Microsoft Visual Studio 2022 version 17.2:

Version 17.2.0 and below 17.2.23 is affected.

Microsoft Visual Studio 2022 version 17.6:

Version 17.6.0 and below 17.6.11 is affected.

Microsoft Visual Studio 2022 version 17.4:

Version 17.4.0 and below 17.4.15 is affected.

Microsoft Visual Studio 2022 version 17.8:

Version 17.8.0 and below 17.8.4 is affected.

Microsoft .NET 7.0:

Version 7.0.0 and below 7.0.15 is affected.

Microsoft .NET 8.0:

Version 8.0 and below 8.0.1 is affected.

Microsoft Identity Model v6.0.0 forNuget:

Version 6.0 and below 6.34.0 is affected.

Microsoft Identity Model v7.0.0 for Nuget:

Version 7.0 and below 7.1.2 is affected.

Microsoft Identity Model v6.0.0:

Version 6.0 and below 6.34.0 is affected.

Microsoft Identity Model v5.0.0:

Version 5.0 and below 5.7.0 is affected.

Microsoft Identity Model v7.0.0:

Version 7.0 and below 7.1.2 is affected.

Microsoft Identity Model v5.0.0 for Nuget:

Version 5.0 and below 5.7.0 is affected.

Vulnerable Packages

The following package name and versions may be associated with CVE-2024-21319

Package Manager	Vulnerable Package	Versions	Fixed In
nuget	System.IdentityModel.Tokens.Jwt	>= 7.0.0-preview, < 7.1.2	7.1.2
nuget	System.IdentityModel.Tokens.Jwt	< 5.7.0	5.7.0
nuget	System.IdentityModel.Tokens.Jwt	>= 6.5.0, < 6.34.0	6.34.0
nuget	Microsoft.IdentityModel.JsonWebTokens	< 5.7.0	5.7.0
nuget	Microsoft.IdentityModel.JsonWebTokens	>= 6.5.0, < 6.34.0	6.34.0
nuget	Microsoft.IdentityModel.JsonWebTokens	>= 7.0.0-preview, < 7.1.2	7.1.2
pip	jwcrypto	<= 1.5.5	1.5.6

Exploit Probability

EPSS

0.59%

Percentile

68.92%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.