CVE-2024-29370
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
Vendor
Product
CWE
Yayın Tarihi
2025-12-17 16:16:04
Güncelleme
2026-01-05 15:14:48
Source Identifier
cve@mitre.org
KEV Date Added
-