Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2024-33664

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a...

5.3CVSS6.8AI score0.00783EPSS
Exploits1References3
IBM Security Bulletins
IBM Security Bulletins
added 2025/02/26 6:46 p.m.11 views

Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose

Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...

5.3CVSS5.3AI score0.00783EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2025/01/28 10:8 p.m.12 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component is vulnerable to python_jose-3.3.0-py2.py3-none-any.whl CVE-2024-33664

Summary IBM Maximo Application Suite - Monitor Component is vulnerable to pythonjose-3.3.0-py2.py3-none-any.whl CVE-2024-33664. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial ...

5.3CVSS6.5AI score0.00783EPSS
Exploits1Affected Software1
OpenVAS
OpenVAS
added 2024/06/04 12:0 a.m.24 views

openSUSE Security Advisory (openSUSE-SU-2024:0149-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5.3CVSS5.5AI score0.00783EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2024/06/04 12:0 a.m.29 views

openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0149-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0149-1 advisory. - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422 Tenable has extracted th...

5.3CVSS6.3AI score0.00783EPSS
Exploits1References4
OPENSUSE Linux
OPENSUSE Linux
added 2024/06/03 12:0 a.m.10 views

Security update for python-python-jose (important)

openSUSE Security Update: Security update for python-python-jose Announcement ID: openSUSE-SU-2024:0149-1 Rating: important References: 1223422 Cross-References: CVE-2024-33664 CVSS scores: CVE-2024-33664 SUSE: 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: openSUSE Backports...

7.7CVSS7.6AI score0.00783EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2024/04/26 6:4 a.m.62 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

6.8CVSS6.2AI score0.02868EPSS
Exploits1References3
NVD
NVD
added 2024/04/26 12:15 a.m.36 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS6.4AI score0.00783EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2024/04/26 12:15 a.m.5 views

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +168 more potentially affected by CVE-2024-33664 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33664 Source advisory: OSV:PYSEC-2024-233...

5.3CVSS6.5AI score0.00783EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/04/26 12:15 a.m.50 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS6.7AI score0.00783EPSS
Exploits1References3
Cvelist
Cvelist
added 2024/04/25 12:0 a.m.45 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

7.8AI score0.00783EPSS
Exploits1References3
CVE
CVE
added 2024/04/25 12:0 a.m.136 views

CVE-2024-33664

The CVE-2024-33664 entry concerns python-jose up to version 3.3.0, where decoding a crafted high-compression JWE token can cause resource exhaustion (denial of service). The vulnerability is triggered during decode of a JSON Web Encryption token with a high compression ratio, and is noted as simi...

5.3CVSS7.4AI score0.00783EPSS
Exploits1References3Affected Software1
Debian CVE
Debian CVE
added 2024/04/25 12:0 a.m.48 views

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

5.3CVSS7.3AI score0.00783EPSS
Exploits1
Rows per page
Query Builder