96 matches found
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 specifically jwe.decrypt, a vulnerability allows an attacker to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
CVE-2024-29370 affects python-jose 3.3.0 (jwe.decrypt). An attacker can craft a malicious JWE with an exceptionally high compression ratio, causing a Denial-of-Service through heavy memory allocation and processing time during decompression. The CVSS vector in the description indicates Availabili...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
Linux Distros Unpatched Vulnerability : CVE-2025-61152
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craf...
SUSE CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
DEBIAN-CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
UBUNTU-CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
CVE-2025-61152
The vulnerability CVE-2025-61152 affects python-jose up to version 3.3.0. It allows JWT tokens signed with alg=none to be decoded and accepted without cryptographic signature verification, enabling a forged token with arbitrary claims (e.g., is_admin=true) and bypassing authentication in applicat...
CVE-2025-61152
python-jose thru 3.3.0 allows JWT tokens with 'alg=none' to be decoded and accepted without any cryptographic signature verification. A malicious actor can craft a forged token with arbitrary claims e.g., isadmin=true and bypass authentication checks, leading to privilege escalation or unauthoriz...
PT-2025-41563
Name of the Vulnerable Software and Affected Versions python-jose versions through 3.3.0 Description The software accepts JWT tokens with 'alg=none' without cryptographic signature verification. This allows a malicious actor to create forged tokens with arbitrary claims, potentially bypassing...
CVE-2025-61152
Removed by vendor...
EUVD-2017-0109
Malware in sbrugna...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose. Vulnerability Details CVEID:CVE-2024-33664 DESCRIPTION: python-jose is vulnerable to a denial of service, caused by a flaw in the decode function. By sending a specially crafted JSON Web Encryption JWE token...
Security Bulletin: IBM watsonx Orchestrate Cartridge affected by vulnerability in python-jose
Summary IBM watsonx Orchestrate Cartridge contains a vulnerable version of python-jose Vulnerability Details CVEID:CVE-2024-33663 DESCRIPTION: python-jose could allow a remote attacker to bypass security restrictions, caused by a flaw when the algorithm field is left unspecified when calling...
python-jose: algorithm confusion with OpenSSH ECDSA keys and other key formats
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...
Moderate: Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
An update is now available for Red Hat Ansible Automation Platform 2.4 Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...