Описание
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| jammy | needs-triage | |
| noble | needs-triage | |
| plucky | DNE | |
| questing | DNE | |
| upstream | needs-triage |
Показывать по
5.3 Medium
CVSS3
Связанные уязвимости
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allow ...
Duplicate Advisory: python-jose denial of service via compressed JWE content
Уязвимость библиотеки python-jose, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании
5.3 Medium
CVSS3