CVE-2024-29371

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

DEBIAN-CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

UBUNTU-CVE-2024-28102

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...

JWCrypto Security Vulnerability

JWCrypto is a JWCrypto open source implementation of the Javascript Object Signing and Encryption JOSE web standard. A security vulnerability exists in JWCrypto 1.5.5 and earlier versions, which stems from a vulnerability that allows an attacker to trigger a DoS attack by passing in a malicious J...

PT-2024-2212

Name of the Vulnerable Software and Affected Versions jwx versions prior to 1.2.29 jwx versions prior to 2.0.21 Description This issue allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionall...