Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2024-33664

Опубликовано: 26 апр. 2024
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS3: 5.3

Описание

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

РелизСтатусПримечание
devel

DNE

esm-apps/jammy

needs-triage

esm-apps/noble

needs-triage

esm-infra/focal

DNE

focal

DNE

jammy

needs-triage

mantic

ignored

end of life, was needs-triage
noble

needs-triage

oracular

DNE

plucky

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 8%
0.00034
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

redhat логотип

CVE-2024-33664

redhat
около 1 года назад

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

nvd логотип

CVE-2024-33664

CVSS3: 5.3
nvd
около 1 года назад

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

debian логотип

CVE-2024-33664

CVSS3: 5.3
debian
около 1 года назад

python-jose through 3.3.0 allows attackers to cause a denial of servic ...

suse-cvrf логотип

openSUSE-SU-2024:0149-1

suse-cvrf
около 1 года назад

Security update for python-python-jose

github логотип

GHSA-cjwg-qfpm-7377

CVSS3: 5.3
github
около 1 года назад

python-jose denial of service via compressed JWE content

EPSS

Процентиль: 8%
0.00034
Низкий

5.3 Medium

CVSS3