mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-30 18:56:19 +00:00
848 B
848 B
CVE-2024-33664
Description
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
POC
Reference
- https://github.com/mpdavis/python-jose/issues/344
- https://www.vicarius.io/vsociety/posts/jwt-bomb-in-python-jose-cve-2024-33664