openSUSE Security Advisory (openSUSE-SU-2024:0149-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0149-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0149-1 advisory. - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422 Tenable has extracted th...

OPENSUSE-SU-2024:0149-1 Security update for python-python-jose

This update for python-python-jose fixes the following issues: - CVE-2024-33664: Fixed a denial of service via decoding of a JSON Web Encryption token with a high compression ratio boo1223422...

Security update for python-python-jose (important)

openSUSE Security Update: Security update for python-python-jose Announcement ID: openSUSE-SU-2024:0149-1 Rating: important References: 1223422 Cross-References: CVE-2024-33664 CVSS scores: CVE-2024-33664 SUSE: 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H Affected Products: openSUSE Backports...

openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0118-1)

The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0118-1 advisory. - python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. CVE-2024-33663 Note...

OPENSUSE-SU-2024:0118-1 Security update for python-python-jose

This update for python-python-jose fixes the following issues: CVE-2024-33663: Fixed algorithm confusion with OpenSSH ECDSA keys and other key formats boo1223417...

Security update for python-python-jose (important)

openSUSE Security Update: Security update for python-python-jose Announcement ID: openSUSE-SU-2024:0118-1 Rating: important References: 1223417 Cross-References: CVE-2024-33663 CVSS scores: CVE-2024-33663 SUSE: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Affected Products: openSUSE Backports...

Denial Of Service (DoS)

python-jose is vulnerable to Denial of Service DoS. The vulnerability is due to missing token size limits during the decoding process of a JSON Web Encryption JWE token. An attacker can submit a token with a high compression ratio, depleting system resources which can result in Denial of Service...

SUSE CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

SUSE CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

CVE-2024-33664

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

CVE-2024-33663

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

GHSA-CJWG-QFPM-7377 python-jose denial of service via compressed JWE content

python-jose through 3.3.0 allows attackers to cause a denial of service resource consumption during a decode via a crafted JSON Web Encryption JWE token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319...

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +166 more potentially affected by CVE-2024-33663 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33663 Source advisory: OSV:GHSA-6C5P-J8VQ-PQHJ...

GHSA-6C5P-J8VQ-PQHJ python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +166 more potentially affected by CVE-2024-33664 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33664 Source advisory: OSV:GHSA-CJWG-QFPM-7377...

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217...

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +166 more potentially affected by CVE-2024-33663 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33663 Source advisory: OSV:PYSEC-2024-232...

aef-gw (>=0.1.1 <=0.1.15), airiam (>=0.1.2 <=0.1.8) +166 more potentially affected by CVE-2024-33664 via python-jose (>=0.5.5 <=3.3.0)

python-jose PYPI version =0.5.5, =0.1.1, =0.1.2, =0.1.0, =0.8.0, =0.9.0, =1.23.0.dev0, =0.1.2, =0.1.18, =1.1.3, =1.5.0, =0.1.7, =0.31.6, =0.3.0, =0.9.0, =0.0.12, =0.0.14 and more Source cves: CVE-2024-33664 Source advisory: OSV:PYSEC-2024-233...