Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/26 8:59 p.m.12 views

EUVD-2026-37805

joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3
Veracode
Veracode
added 2026/06/22 10:45 a.m.8 views

Resource Exhaustion

joserfc is vulnerable to Resource Exhaustion. The vulnerability is due to missing payload size validation for RFC7797 b64=false JWS payloads, where oversized payloads bypass the configured maximum payload length check, and attackers can exploit it by submitting large JWS tokens that consume...

5.3CVSS5.8AI score0.00163EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/17 10:16 p.m.11 views

CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS0.00163EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/17 9:8 p.m.22 views

CVE-2026-48990 joserfc: b64=false RFC7797 JWS payloads bypass JWSRegistry payload-size limits during deserialization

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS0.00163EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/06/17 9:8 p.m.8 views

CVE-2026-48990

joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption JOSE standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.maxpayloadlength, which can lead to resource exhaustion...

5.3CVSS5.4AI score0.00163EPSS
Exploits0
Rows per page
Query Builder