Class based , object oriented programming language. Designed to have less dependencies as possible. The syntex of Java is smilier to C and C++. Commonly used for client-server applications. Java files are compiled by JVM (Java Virtual Machine)

Java

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

Echo is a secure, minimal Linux OS built vulnerability-free. It is fully compatible across environments and continuously patched - making it a clean, dependable base layer for modern applications. Echo is used by organizations focused on security and reliability, including those with compliance or FIPS requirements.

Echo

In jose4j before 0.9.5, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66524	HIGH	7.5	Java	cpe:2.3:a:apache:nifi	No	Yes	Dec 19, 2025
CVE-2024-29371	HIGH	7.5	Java	org.bitbucket.b_c:jose4j	No	Yes	Dec 17, 2025
CVE-2025-68384	MEDIUM	6.5	Java	elasticsearch-9.1	No	Yes	Dec 18, 2025
CVE-2025-14763	MEDIUM	6	Java	software.amazon.encryption.s3:amazon-s3-encryption-client-java	No	Yes	Dec 17, 2025
CVE-2025-68390	MEDIUM	4.9	Java	org.elasticsearch.plugin:x-pack-core	No	Yes	Dec 18, 2025

CVE-2024-29371:
Java vulnerability analysis and mitigation

7.5

Related Java vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2024-29371: Java vulnerability analysis and mitigation