Описание
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is already fully loaded into memory at this stage, the library cannot prevent or reject it. This issue has been patched in versions 1.3.5 and 1.4.2.
A flaw was found in joserfc. This vulnerability allows an attacker to cause Python logging or diagnostic tools to process and record arbitrarily large, forged JSON Web Token (JWT) payloads. This occurs when non-decoded JWT token parts are embedded in ExceededSizeError exception messages, triggered by an attacker sending arbitrarily large bearer tokens in HTTP (Hypertext Transfer Protocol) request headers.
Отчет
THe impact of this vulnerability has been downgraded from CRITICAL to MODERATE because of the following reasons:
- successful exploitation requires a misconfigured or absent production-grade web server that lacks proper request size limits which is not an attribute of Red Hat's SSDC practice and so limits the exploitability of the affected product.
- The vulnerability only affects availability through resource exhaustion without enabling remote code execution, privilege escalation, or data compromise. This issue arises because joserfc embeds full, non-decoded JWT token parts directly into ExceededSizeError exception messages when validating token sizes during the jwt.decode() operation. When an attacker sends an arbitrarily large bearer token in HTTP request headers, the library loads the entire payload into memory before raising the exception, and the exception message containing the full payload is then passed to Python logging. This can result in excessive consumption of memory.
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.9 Medium
CVSS3
Связанные уязвимости
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload...
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions from 1.3.3 to before 1.3.5 and from 1.4.0 to before 1.4.2, the ExceededSizeError exception messages are embedded with non-decoded JWT token parts and may cause Python logging to record an arbitrarily large, forged JWT payload. In situations where a misconfigured — or entirely absent — production-grade web server sits in front of a Python web application, an attacker may be able to send arbitrarily large bearer tokens in the HTTP request headers. When this occurs, Python logging or diagnostic tools (e.g., Sentry) may end up processing extremely large log messages containing the full JWT header during the joserfc.jwt.decode() operation. The same behavior also appears when validating claims and signature payload sizes, as the library raises joserfc.errors.ExceededSizeError() with the full payload embedded in the exception message. Since the payload is
joserfc is a Python library that provides an implementation of several ...
joserfc has Possible Uncontrolled Resource Consumption Vulnerability Triggered by Logging Arbitrarily Large JWT Token Payloads
Уязвимость библиотеки joserfc языка программирования Python, связанная с неограниченным распределением ресурсов, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
5.9 Medium
CVSS3