CVE-2024-29370
- EPSS 0.16%
- Published 17.12.2025 00:00:00
- Last modified 05.01.2026 15:14:48
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is ...
CVE-2024-33663
- EPSS 0.68%
- Published 26.04.2024 00:15:09
- Last modified 02.09.2025 18:37:53
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
CVE-2024-33664
- EPSS 0.19%
- Published 26.04.2024 00:15:09
- Last modified 02.09.2025 18:36:30
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
CVE-2016-7036
- EPSS 0.42%
- Published 23.01.2017 21:59:02
- Last modified 20.04.2025 01:37:25
python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.