96 matches found
ROS-20260209-73-0034
A vulnerability in the python-jose library is related to incorrect processing of highly compressed input data. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...
SUSE CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
A flaw was found in python-jose. This vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio, leading to significant memory allocation and processing time during decompression...
Linux Distros Unpatched Vulnerability : CVE-2024-29370
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web...
Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...
EUVD-2024-26380
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
GHSA-H4PW-WXH7-4VJJ Duplicate Advisory: python-jose denial of service via compressed JWE content
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cjwg-qfpm-7377. This link is maintained to preserve external references. Original Description In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS)...
datawire-cloudtools (=0.2.6) potentially affected by CVE-2024-29370 via python-jose (=0.5.5)
python-jose PYPI version =0.5.5 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted: - datawire-cloudtools =0.2.6 Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
PYSEC-2025-185
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
core-devoops (>=0.0.1 <=0.0.2), flask-adfs (>=0.1.9 <=0.1.19) +2 more potentially affected by CVE-2024-29370 via python-jose (>=1.3.2 <=1.4.0)
python-jose PYPI version =1.3.2, =0.0.1, =0.1.9, =0.5.1, =0.3.2, =0.3.3 Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
PYSEC-2025-185
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
allennlp (>=0.8.0 <=0.8.2), cloudless (=0.0.0) +6 more potentially affected by CVE-2024-29370 via python-jose (=2.0.2)
python-jose PYPI version =2.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted: - allennlp =0.8.0, =1.0.0, =1.3.4, =0.4.3, =0.0.25, =0.0.26 Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
1xn-vmcp (>=0.1.0 <=0.6.1), a2 (>=0.1.0 <=0.3.17) +1903 more potentially affected by CVE-2024-29370 via python-jose (>=3.0.0 <=3.5.0)
python-jose PYPI version =3.0.0, =0.1.0, =0.1.0, =0.3.6, =0.1.2b0, =0.0.1a1, =0.1.0, =0.1.1, =3.1.0b1, =1.0.3, =0.1.0a0, =1.0.0, =0.0.1a2, =0.1.0, =0.2.0, =0.2.1 and more Source cves: CVE-2024-29370 Source advisory: OSV:PYSEC-2025-185...
DEBIAN-CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
UBUNTU-CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
PT-2025-51835
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant...