Lucene search
Veracode Vulnerability DatabaseVERACODE:46671HistoryApr 29, 2024 - 7:50 a.m.
Denial Of Service (DoS)
2024-04-2907:50:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
4
python-jose
vulnerability
token size limit
dos
jwt bomb
python-jose is vulnerable to Denial of Service (DoS). The vulnerability is due to missing token size limits during the decoding process of a JSON Web Encryption (JWE) token. An attacker can submit a token with a high compression ratio, depleting system resources which can result in Denial of Service. This vulnerability is known as a “JWT bomb”, similar to a “zip bomb”.
| CPE | Name | Operator | Version |
|---|---|---|---|
| python-jose | le | 3.3.0 | |
| python-jose | le | 3.3.0 |
Related
ubuntucve
ubuntucve
CVE-2024-33664
2024-04-26 00:00:00
redhatcve
redhatcve
CVE-2024-33664
2024-04-26 06:04:33
osv
osv
CVE-2024-33664
2024-04-26 00:15:09
python-jose denial of service via compressed JWE content
2024-04-26 00:30:35
debiancve
debiancve
CVE-2024-33664
2024-04-26 00:15:09
cve
cve
CVE-2024-33664
2024-04-26 00:15:09
cvelist
cvelist
CVE-2024-33664
2024-04-25 00:00:00
github
github
python-jose denial of service via compressed JWE content
2024-04-26 00:30:35