CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: HIGH
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
AI Score
Confidence: High
EPSS
Percentile: 9.0%
jwcrypto is vulnerable to Denial of Service (DoS). The vulnerability exists because JWCrypto does not properly validate the length of the tokens it processes in the file jwe.py. This flaw allows an attacker to exploit a high compression ratio in a malicious JWE token, consuming excessive memory and processing time during token processing.
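
A defensive sketch of the two limits this description points to, added here as an example and not jwcrypto's own code or its actual patch: a cap on serialized token length and a cap on inflated output for JWE payloads compressed with `"zip": "DEF"` (raw DEFLATE). The limit values and function names are assumptions chosen for illustration.

```python
import zlib

# Assumed limits for illustration; not values taken from jwcrypto.
MAX_TOKEN_LEN = 256 * 1024      # serialized JWE characters accepted
MAX_PLAINTEXT_LEN = 256 * 1024  # inflated plaintext bytes accepted


class TokenTooLarge(ValueError):
    """Raised when a token or its inflated payload exceeds a limit."""


def check_token_length(token: str, limit: int = MAX_TOKEN_LEN) -> str:
    """Reject oversized serialized tokens before any parsing or crypto."""
    if len(token) > limit:
        raise TokenTooLarge(f"token is {len(token)} chars, limit {limit}")
    return token


def bounded_inflate(data: bytes, limit: int = MAX_PLAINTEXT_LEN) -> bytes:
    """Inflate raw DEFLATE data, producing at most limit + 1 bytes."""
    inflater = zlib.decompressobj(-zlib.MAX_WBITS)  # raw DEFLATE, no zlib header
    out = inflater.decompress(data, limit + 1)      # stops early at the cap
    if len(out) > limit:
        raise TokenTooLarge(f"inflated payload exceeds {limit} bytes")
    return out


def raw_deflate(data: bytes) -> bytes:
    """Helper for building the constructed sample inputs below."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -zlib.MAX_WBITS)
    return comp.compress(data) + comp.flush()


if __name__ == "__main__":
    # Constructed sample: 10 MiB of zero bytes shrinks to about 10 KiB,
    # so it passes the length check but must fail the inflate cap.
    sample = raw_deflate(b"\0" * (10 * 1024 * 1024))
    print("compressed size:", len(sample))
    try:
        bounded_inflate(sample)
    except TokenTooLarge as exc:
        print("rejected:", exc)
```

Because `decompress()` is given a `max_length`, memory use stays bounded by the cap no matter how well the input compresses; calling `zlib.decompress()` directly would allocate the full output first.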