Lucene search
HistoryApr 26, 2024 - 12:15 a.m.
CVE-2024-33664
python-jose
denial of service
jwe token
jwt bomb
cve-2024-33664
cve-2024-21319
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
33.0%
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a “JWT bomb.” This is similar to CVE-2024-21319.
Related
redhatcve
redhatcve
CVE-2024-33664
2024-04-26 06:04:33
CVE-2024-21319
2024-01-10 05:02:11
ubuntucve
ubuntucve
CVE-2024-33664
2024-04-26 00:00:00
CVE-2024-21319
2024-01-09 00:00:00
vulnrichment
vulnrichment
CVE-2024-33664
2024-04-25 00:00:00
debiancve
debiancve
CVE-2024-33664
2024-04-26 00:15:09
osv
osv
python-jose denial of service via compressed JWE content
2024-04-26 00:30:35
CVE-2024-33664
2024-04-26 00:15:09
Microsoft Identity Denial of service vulnerability
2024-01-09 18:28:03
cve
cve
CVE-2024-33664
2024-04-26 00:15:09
CVE-2024-21319
2024-01-09 19:15:12
cvelist
cvelist
CVE-2024-33664
2024-04-25 00:00:00
CVE-2024-21319 Microsoft Identity Denial of service vulnerability
2024-01-09 18:59:01
github
github
python-jose denial of service via compressed JWE content
2024-04-26 00:30:35
Microsoft ASP.NET Core project templates vulnerable to denial of service
2024-01-09 19:35:02
JWX vulnerable to a denial of service attack using compressed JWE message
2024-03-08 15:06:53
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2024:0149-1)
2024-06-04 00:00:00
Ubuntu: Security Advisory (USN-6578-1)
2024-01-12 00:00:00
.NET Core Multiple Vulnerabilities (KB5033741)
2024-01-11 00:00:00
veracode
veracode
Denial Of Service (DoS)
2024-04-29 07:50:48
Denial Of Service (DoS)
2024-01-10 10:01:02
nessus
nessus
openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0149-1)
2024-06-04 00:00:00
Ubuntu 22.04 LTS / 23.04 / 23.10 : .NET vulnerabilities (USN-6578-1)
2024-01-11 00:00:00
AlmaLinux 8 : .NET 8.0 (ALSA-2024:0150)
2024-01-12 00:00:00
prion
prion
Denial of service
2024-01-09 19:15:00
ibm
ibm
nvd
nvd
CVE-2024-21319
2024-01-09 19:15:12
alpinelinux
alpinelinux
CVE-2024-21319
2024-01-09 19:15:12
mscve
mscve
Microsoft Identity Denial of service vulnerability
2024-01-09 08:00:00
redos
redos
ROS-20240619-01
2024-06-19 00:00:00
kaspersky
kaspersky
KLA62826 Multiple vulnerabilities in Microsoft Azure
2024-01-09 00:00:00
KLA62822 Multiple vulnerabilities in Microsoft Developer Tools
2024-01-09 00:00:00
ubuntu
ubuntu
.NET vulnerabilities
2024-01-11 00:00:00
oraclelinux
oraclelinux
.NET 6.0 security update
2024-01-12 00:00:00
.NET 7.0 security update
2024-01-17 00:00:00
.NET 8.0 security update
2024-02-20 00:00:00
almalinux
almalinux
Important: .NET 6.0 security update
2024-01-10 00:00:00
Important: .NET 7.0 security update
2024-01-10 00:00:00
Important: .NET 6.0 security update
2024-01-10 00:00:00
redhat
redhat
(RHSA-2024:0150) Important: .NET 8.0 security update
2024-01-10 15:15:53
(RHSA-2024:0152) Important: .NET 8.0 security update
2024-01-10 15:18:52
rocky
rocky
.NET 6.0 security update
2024-01-12 19:57:42
.NET 8.0 security update
2024-01-12 19:57:42
.NET 7.0 security update
2024-01-12 19:57:42
mskb
mskb
.NET 8.0 Update - January 09, 2024 (KB5033741)
2024-01-09 08:00:00
.NET 7.0 Update - January 09, 2024 (KB5033734)
2024-01-09 08:00:00
.NET 6.0 Update - January 09, 2024 (KB5033733)
2024-01-09 08:00:00
rapid7blog
rapid7blog
Patch Tuesday - January 2024
2024-01-09 21:23:10
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
33.0%
Related for NVD:CVE-2024-33664