
3 matches found

OSV
added 4 days ago | 5 views

PYSEC-2026-361 joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary: The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details: In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

CVSS 9.2 | AI score 6 | EPSS 0.00329
Exploits: 1 | References: 9
CVE
added 2025/11/18 11:7 p.m. | 19 views

CVE-2025-65015

The CVE-2025-65015 issue affects the Python library joserfc (JOSE). Versions 1.3.3–1.3.5 and 1.4.0–1.4.2 embed ExceededSizeError messages with fully loaded JWT payloads, which may cause a misconfigured or fronted production web server to allow arbitrarily large bearer tokens to be logged in full ...

CVSS 9.2 | AI score 6.5 | EPSS 0.00329
Exploits: 1 | References: 5 | Affected Software: 1
Github Security Blog
added 2025/11/18 6:26 p.m. | 10 views

joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads

Summary: The ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. Details: In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python...

CVSS 9.2 | AI score 7.1 | EPSS 0.00329
Exploits: 1 | References: 7 | Affected Software: 1