
298 matches found

RedhatCVE
added 2025/12/18 5:39 a.m., 5 views

CVE-2024-29370

A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...

CVSS 7.5 | AI score 6 | EPSS 0.00166
Exploits: 1 | References: 4
EUVD
added 2025/12/17 6:31 p.m., 4 views

EUVD-2024-26380

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3 | AI score 6.3 | EPSS 0.00166
Exploits: 1 | References: 2
OSV
added 2025/12/17 6:31 p.m., 4 views

GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...

CVSS 5.3 | AI score 6.7 | EPSS 0.00166
Exploits: 1 | References: 5
Github Security Blog
added 2025/12/17 6:31 p.m., 9 views

Duplicate Advisory: python-jose denial of service via compressed JWE content

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description: In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...

CVSS 5.3 | AI score 6.8 | EPSS 0.00166
Exploits: 1 | References: 6 | Affected Software: 1
Snyk
added 2025/12/17 4:42 p.m., 8 views

Allocation of Resources Without Limits or Throttling

Overview: org.bitbucket.bc:jose4j is a robust and easy to use open source implementation of JSON Web Token (JWT) and the JOSE specification suite (JWS, JWE, and JWK). It is written in Java and relies solely on the JCA APIs for cryptography. Please see https://bitbucket.org/bc/jose4j/wiki/Home for more...

CVSS 8.7 | AI score 6.7 | EPSS 0.00244
Exploits: 1 | References: 2
OSV
added 2025/12/17 4:16 p.m., 3 views

DEBIAN-CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

CVSS 7.5 | AI score 7.6 | EPSS 0.00244
Exploits: 1 | References: 1
OSV
added 2025/12/17 4:16 p.m., 4 views

PYSEC-2025-185

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3 | AI score 5.8 | EPSS 0.00166
Exploits: 1 | References: 2
OSV
added 2025/12/17 4:16 p.m., 0 views

UBUNTU-CVE-2024-29370

In python-jose 3.3.0, specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

CVSS 5.3 | AI score 7.1 | EPSS 0.00166
Exploits: 1 | References: 3
CNNVD
added 2025/12/17 12:0 a.m., 6 views

python-jose security vulnerability

python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0, which stems from an attacker being able to construct malicious JSON Web Encryption tokens with extremely high compression rates, potentially...

CVSS 5.3 | AI score 6.3 | EPSS 0.00166
Exploits: 1 | References: 1
CNNVD
added 2025/12/17 12:0 a.m., 4 views

jose4j security vulnerability

jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token (JWT) and the JOSE suite of specifications (JWS, JWE, and JWK) from Bitbucket Open Source. A security vulnerability exists in jose4j versions prior to 0.9.5, which stems from an attacker being able to construct...

CVSS 7.5 | AI score 6.2 | EPSS 0.00244
Exploits: 1 | References: 3
Tenable Nessus
added 2025/11/20 12:0 a.m., 5 views

TencentOS Server 3: jose (TSSA-2024:0392)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0392 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 7.5 | AI score 6.7 | EPSS 0.02085
Exploits: 1 | References: 3
OSV
added 2025/11/18 3:44 p.m., 3 views

GO-2025-4123 Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go

Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token high compression ratio in github.com/dvsekhvalnov/jose2go...

CVSS 7.5 | AI score 6.8 | EPSS 0.00236
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/17 8:9 p.m., 3 views

CVE-2025-63811

A flaw was found in jose2go. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

CVSS 7.5 | AI score 6 | EPSS 0.00236
Exploits: 1 | References: 2
Github Security Blog
added 2025/11/12 6:31 p.m., 8 views

jose2go is vulnerable to a JWT bomb attack through its decode function

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

CVSS 7.5 | AI score 6.9 | EPSS 0.00236
Exploits: 1 | References: 4 | Affected Software: 1
NVD
added 2025/11/12 6:15 p.m., 3 views

CVE-2025-63811

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

CVSS 7.5 | EPSS 0.00236
Exploits: 1 | References: 1
CNNVD
added 2025/11/12 12:0 a.m., 4 views

jose2go security vulnerability

jose2go is a Go implementation of the JavaScript Object Signing and Encryption specification by the individual developer DV. A security vulnerability exists in jose2go versions 1.5.0 through 1.7.0, which stems from a specially crafted JWE token that could lead to a denial of service...

CVSS 7.5 | AI score 6.3 | EPSS 0.00236
Exploits: 1 | References: 1
Vulnrichment
added 2025/11/12 12:0 a.m., 2 views

CVE-2025-63811

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

AI score 6.4 | EPSS 0.00236
Exploits: 1 | References: 1
CVE
added 2025/11/12 12:0 a.m., 21 views

CVE-2025-63811

CVE-2025-63811 affects dvsekhvalnov/jose2go (version range 1.5.0 through 1.7.0). The issue allows a Denial-of-Service via a crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio. The connected OSV entry GO-2025-4123 explicitly references this DoS scenario in the jos...

CVSS 7.5 | AI score 6.5 | EPSS 0.00236
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2025/11/12 12:0 a.m., 7 views

CVE-2025-63811

An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high compression ratio...

EPSS 0.00236
Exploits: 1 | References: 1
RedhatCVE
added 2025/10/23 10:16 p.m., 6 views

CVE-2025-62706

Authlib is a Python library which builds OAuth and OpenID Connect servers. Prior to version 1.6.5, Authlib’s JWE zip=DEF path performs unbounded DEFLATE decompression. A very small ciphertext can expand into tens or hundreds of megabytes on decrypt, allowing an attacker who can supply decryptable...

CVSS 6.5 | AI score 6.2 | EPSS 0.00418
Exploits: 1 | References: 5