Количество 5
Количество 5
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allow ...
GHSA-h4pw-wxh7-4vjj
Duplicate Advisory: python-jose denial of service via compressed JWE content
BDU:2025-16345
Уязвимость библиотеки python-jose, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2024-29370 In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
 | CVE-2024-29370 In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression. | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| CVE-2024-29370 In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allow ... | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
| GHSA-h4pw-wxh7-4vjj Duplicate Advisory: python-jose denial of service via compressed JWE content | CVSS3: 5.3 | 0% Низкий | около 2 месяцев назад |
 | BDU:2025-16345 Уязвимость библиотеки python-jose, связанная с некорректной обработкой сильно сжатых входных данных, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 5.3 | 0% Низкий | почти 2 года назад |
Уязвимостей на страницу