93 matches found
ROS-20260209-73-0034
A vulnerability in the python-jose library is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
SUSE CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...
Linux Distros Unpatched Vulnerability : CVE-2024-29370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of- Service DoS condition by crafting a malicious JSON Web...
Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS...
GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS...
EUVD-2024-26380
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +169 more potentially affected by CVE-2024-29370 via python-jose (>=0.5.5 <=3.3.0)
python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
PYSEC-2025-185
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
DEBIAN-CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
PYSEC-2025-185
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
UBUNTU-CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
CVE-2024-29370 affects python-jose 3.3.0 (jwe.decrypt). An attacker can craft a malicious JWE with an exceptionally high compression ratio, causing a Denial-of-Service through heavy memory allocation and processing time during decompression. The CVSS vector in the description indicates Availabili...
python-jose 安全漏洞
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose version 3.3.0, which stems from an attacker being able to construct malicious JSON Web Encryption tokens with extremely high compression rates, potentially...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
PT-2025-51835
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...