Lucene search
K

4 matches found

RedHat Linux
RedHat Linux
added yesterday4 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS6.9AI score0.00244EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.5 views

PT-2025-51835

In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...

5.3CVSS6.8AI score0.00166EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/17 12:0 a.m.5 views

jose4j 安全漏洞

jose4j is a powerful and easy-to-use open source implementation of the JSON Web Token JWT and the JOSE suite of specifications JWS, JWE, and JWK from Bitbucket Open Source. A security vulnerability exists in jose4j versions prior to 0.9.5, which stems from an attacker being able to construct...

7.5CVSS6.2AI score0.00244EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2024/08/15 8:7 p.m.4 views

jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression

A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...

7.5CVSS5.8AI score0.00244EPSS
Exploits1References5
Rows per page
Query Builder