Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2024-29370

Опубликовано: 17 дек. 2025
Источник: debian
EPSS Низкий

Описание

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
python-joseremovedpackage

Примечания

  • https://github.com/mpdavis/python-jose/issues/344

  • https://github.com/mpdavis/python-jose/pull/352

  • Fixed by: https://github.com/mpdavis/python-jose/commit/8e1f521a7588dd6bfe553c3d3f320ab7a55bba36 (3.4.0)

EPSS

Процентиль: 36%
0.00156
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2024-29370

CVSS3: 5.3
ubuntu
4 месяца назад

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

redhat логотип

CVE-2024-29370

CVSS3: 7.5
redhat
4 месяца назад

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

nvd логотип

CVE-2024-29370

CVSS3: 5.3
nvd
4 месяца назад

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

github логотип

GHSA-h4pw-wxh7-4vjj

CVSS3: 5.3
github
4 месяца назад

Duplicate Advisory: python-jose denial of service via compressed JWE content

fstec логотип

BDU:2025-16345

CVSS3: 5.3
fstec
около 2 лет назад

Уязвимость библиотеки python-jose, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 36%
0.00156
Низкий