python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
Metrics
Affected Vendors & Products
References
History
Mon, 19 Aug 2024 08:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Wed, 07 Aug 2024 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-400 | |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-04-25T00:00:00
Updated: 2024-09-05T15:28:29.569946
Reserved: 2024-04-25T00:00:00
Link: CVE-2024-33664
Vulnrichment
Updated: 2024-08-19T07:47:43.796Z
NVD
Status : Awaiting Analysis
Published: 2024-04-26T00:15:09.060
Modified: 2024-09-05T16:15:07.570
Link: CVE-2024-33664
Redhat