93 matches found
PYSEC-2024-232
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
PYSEC-2024-233
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +169 more potentially affected by CVE-2024-33663 via python-jose (>=0.5.5 <=3.3.0)
python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33663 Source advisory: OSV:PYSEC-2024-232...
DEBIAN-CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
PYSEC-2024-233
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
PYSEC-2024-232
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
DEBIAN-CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
UBUNTU-CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
UBUNTU-CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33663
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
PT-2024-4196 · Pypi +2 · Python-Jose +2
Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier Description: The issue is related to high resource consumption during the decoding of a crafted JSON Web Encryption JWE token, which can be exploited by a remote attacker to cause a denial of service. Th...
PT-2024-4195 · Unknown +2 · Python-Jose +2
Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier Description: The issue is related to algorithm confusion with OpenSSH ECDSA keys and other key formats in the python-jose component. It is associated with the definition of a prefix blacklist for OpenSSH...
python-jose 安全漏洞
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions, which stems from confusion between OpenSSH ECDSA keys and other key formats...
python-jose 安全漏洞
python-jose is a JOSE implementation in Python by the individual developer Michael Davis. A security vulnerability exists in python-jose 3.3.0 and earlier versions that originated from allowing an attacker to cause a denial of service via a specially crafted high-compression rate JSON Web...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33664
The CVE-2024-33664 entry concerns python-jose up to version 3.3.0, where decoding a crafted high-compression JWE token can cause resource exhaustion (denial of service). The vulnerability is triggered during decode of a JSON Web Encryption token with a high compression ratio, and is noted as simi...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2024-33663
CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...