58 matches found
Security Bulletin: A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard.
Summary A security vulnerability may affect IBM WebSphere Liberty that is shipped with IBM CICS TX Standard CVE-2024-29371. IBM WebSphere Liberty has been updated within IBM CICS TX Standard to address this vulnerability. Vulnerability Details CVEID:CVE-2024-29371 DESCRIPTION: In jose4j before...
Exploit for CVE-2026-29000
CVE-2026-29000 – pac4j JWT Authentication Bypass Python PoC...
joserfc 安全漏洞
Joserfc is a Python library developed by Authlib. Joserfc versions 1.6.2 and earlier have security vulnerabilities. These vulnerabilities stem from the lack of verification or restrictions on the p2c parameter value in the JWE token. This allows unverified attackers to cause denial-of-service...
SUSE CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
Linux Distros Unpatched Vulnerability : CVE-2024-29371
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high...
jose4j is vulnerable to DoS via compressed JWE content
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
PYSEC-2025-185
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
UBUNTU-CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
CVE-2024-29371
In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...
CVE-2025-63811
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service DoS via crafted JSON Web Encryption JWE token with an exceptionally high compression ratio...
PT-2025-46682
Name of the Vulnerable Software and Affected Versions jose2go versions 1.5.0 through 1.7.0 Description An issue exists that allows an attacker to cause a Denial-of-Service DoS condition. This is achieved by using a specially crafted JSON Web Encryption JWE token that has an exceptionally high...
EUVD-2022-53364
Malicious code in bioql PyPI...
jose4j: jose4j: Denial of Service via malicious JSON Web Encryption (JWE) token compression
A flaw was found in jose4j. A remote attacker can exploit this by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. This...
CVE-2022-32096
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted JWE token...
CVE-2025-46344
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...
CVE-2025-46344 Auth0 NextJS SDK v4 Missing Session Invalidation
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...
CVE-2025-46344
Summary of affected component: Auth0 Next.js SDK (nextjs-auth0), version range 4.0.1 through 4.5.0. Root cause: When generating a JWE token for the session, the code does not invoke .setExpirationTime, so the JWE lacks an internal expiration claim; session cookies may expire, but the JWE remains ...
CVE-2025-46344 Auth0 NextJS SDK v4 Missing Session Invalidation
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...
CVE-2025-46344 Auth0 NextJS SDK v4 Missing Session Invalidation
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions starting from 4.0.1 and prior to 4.5.1, do not invoke .setExpirationTime when generating a JWE token for the session. As a result, the JWE does not contain an internal expiration claim. While...