11 matches found
CVE-2025-65015
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
SUSE CVE-2025-65015
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015
The CVE-2025-65015 issue affects the Python library joserfc (JOSE). Versions 1.3.3–1.3.5 and 1.4.0–1.4.2 embed ExceededSizeError messages with fully loaded JWT payloads, which may cause a misconfigured or fronted production web server to allow arbitrarily large bearer tokens to be logged in full ...
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
CVE-2025-65015 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause...
GHSA-FRFH-8V73-GJG4 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Summary The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...
joserfc 安全漏洞
joserfc is a Python library open-sourced by Authlib. A security vulnerability exists in joserfc version 1.3.3 up to and including version 1.3.5 and version 1.4.0 up to and including version 1.4.2, which stems from an ExceededSizeError exception message embedded in the Undecoded JWT Token section,...
PT-2025-47405
Name of the Vulnerable Software and Affected Versions joserfc versions 1.3.3 through 1.3.4 joserfc versions 1.4.0 through 1.4.1 Description The joserfc library has an issue where excessively large JWT JSON Web Token payloads can be logged, potentially leading to resource exhaustion. Specifically,...