[email protected]CVE-2024-33664

HistoryApr 26, 2024 - 12:15 a.m.

CVE-2024-33664

2024-04-2600:15:09

[email protected]

web.nvd.nist.gov

python-jose denial of service jwe token crafted cve-2024-33664 similar 21319

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

8.4%

JSON

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a “JWT bomb.” This is similar to CVE-2024-21319.

References

github.com/mpdavis/python-jose/issues/344

github.com/mpdavis/python-jose/pull/345

ubuntucve 2

redhatcve 2

debiancve 1

osv 18

github 4

veracode 2

cve 1

prion 1

alpinelinux 1

mscve 1

nessus 28

openvas 4

kaspersky 2

ubuntu 1

almalinux 6

oraclelinux 6

redhat 7

rocky 3

mskb 3

rapid7blog 1

ubuntucve

CVE-2024-33664

2024-04-26 00:00:00

CVE-2024-21319

2024-01-09 00:00:00

redhatcve

CVE-2024-33664

2024-04-26 06:04:33

CVE-2024-21319

2024-01-10 05:02:11

debiancve

CVE-2024-33664

2024-04-26 00:15:09

osv

python-jose denial of service via compressed JWE content

2024-04-26 00:30:35

CVE-2024-33664

2024-04-26 00:15:09

Microsoft ASP.NET Core project templates vulnerable to denial of service

2024-01-09 19:35:02

github

python-jose denial of service via compressed JWE content

2024-04-26 00:30:35

Microsoft ASP.NET Core project templates vulnerable to denial of service

2024-01-09 19:35:02

JWX vulnerable to a denial of service attack using compressed JWE message

2024-03-08 15:06:53

veracode

Denial Of Service (DoS)

2024-04-29 07:50:48

Denial Of Service (DoS)

2024-01-10 10:01:02

cve

CVE-2024-21319

2024-01-09 18:59:01

prion

Denial of service

2024-01-09 19:15:00

alpinelinux

CVE-2024-21319

2024-01-09 19:15:12

mscve

Microsoft Identity Denial of service vulnerability

2024-01-09 08:00:00

nessus

Ubuntu 22.04 LTS / 23.04 / 23.10 : .NET vulnerabilities (USN-6578-1)

2024-01-11 00:00:00

Oracle Linux 8 : .NET / 7.0 (ELSA-2024-0157)

2024-01-18 00:00:00

AlmaLinux 9 : .NET 7.0 (ALSA-2024:0151)

2024-01-12 00:00:00

openvas

Ubuntu: Security Advisory (USN-6578-1)

2024-01-12 00:00:00

.NET Core Multiple Vulnerabilities (KB5033741)

2024-01-11 00:00:00

.NET Core Multiple Vulnerabilities (KB5033733)

2024-01-11 00:00:00

kaspersky

KLA62826 Multiple vulnerabilities in Microsoft Azure

2024-01-09 00:00:00

KLA62822 Multiple vulnerabilities in Microsoft Developer Tools

2024-01-09 00:00:00

ubuntu

.NET vulnerabilities

2024-01-11 00:00:00

almalinux

Important: .NET 7.0 security update

2024-01-10 00:00:00

Important: .NET 6.0 security update

2024-01-10 00:00:00

Important: .NET 8.0 security update

2024-01-10 00:00:00

oraclelinux

.NET 7.0 security update

2024-01-17 00:00:00

.NET 6.0 security update

2024-01-12 00:00:00

.NET 8.0 security update

2024-02-20 00:00:00

redhat

(RHSA-2024:0152) Important: .NET 8.0 security update

2024-01-10 15:18:52

(RHSA-2024:0150) Important: .NET 8.0 security update

2024-01-10 15:15:53

(RHSA-2024:0255) Important: .NET 6.0 security, bug fix, and enhancement update

2024-01-15 15:30:34

rocky

.NET 8.0 security update

2024-01-12 19:57:42

.NET 6.0 security update

2024-01-12 19:57:42

.NET 7.0 security update

2024-01-12 19:57:42

mskb

.NET 8.0 Update - January 09, 2024 (KB5033741)

2024-01-09 08:00:00

.NET 6.0 Update - January 09, 2024 (KB5033733)

2024-01-09 08:00:00

.NET 7.0 Update - January 09, 2024 (KB5033734)

2024-01-09 08:00:00

rapid7blog

Patch Tuesday - January 2024

2024-01-09 21:23:10

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

CVE-2024-33664

References

Related