MEDIUMπŸ‡΅πŸ‡± Wersja polska

CVE-2024-29370

CVSS 5.3v3.1pub. 2025-12-17upd. 2026-01-05

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • Python Jose Project Python Jose

    APP
    Python-Jose Project
    3.3.0
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2016-7036CRITICAL9.8ten sam produkt

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant t...

CVE-2024-33663MEDIUM6.5ten sam produkt

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is simil...

CVE-2024-33664MEDIUM5.3ten sam produkt

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode...

CVE-2024-29370 β€” Python-Jose Project β€” Python-Jose β€” MEDIUM β€” CVSS 5.3 | CVEbaza.pl