4 matches found
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
PT-2024-4196 · Pypi +2 · Python-Jose +2
Name of the Vulnerable Software and Affected Versions: python-jose versions 3.3.0 and earlier Description: The issue is related to high resource consumption during the decoding of a crafted JSON Web Encryption JWE token, which can be exploited by a remote attacker to cause a denial of service. Th...
CVE-2024-33664
python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...
CVE-2022-32096
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted JWE token...