CVE-2024-33664
Published: 26 April 2024
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.
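One way to bound the inflate step for a JWE payload compressed with `"zip": "DEF"`, so that a token with a high compression ratio is rejected instead of expanded in full. This is an added example, not python-jose's code or its fix; the 250 KiB cap, the function names and the sample inputs are assumptions, and the raw DEFLATE framing follows RFC 7516's definition of `DEF`.

```python
import zlib

# Assumed cap on decompressed plaintext; choose a value that fits your tokens.
MAX_PLAINTEXT = 250 * 1024


class DecompressionLimitExceeded(ValueError):
    """Raised when the inflated payload would exceed the configured cap."""


def raw_deflate(plaintext: bytes) -> bytes:
    """Helper that builds constructed sample inputs as raw DEFLATE (RFC 1951)."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(plaintext) + c.flush()


def bounded_inflate(data: bytes, limit: int = MAX_PLAINTEXT) -> bytes:
    """Inflate raw DEFLATE data, never producing more than limit + 1 bytes."""
    d = zlib.decompressobj(-15)  # -15 selects raw DEFLATE without a zlib header
    # max_length stops the inflater once limit + 1 bytes have been produced;
    # any input not yet processed is left in d.unconsumed_tail.
    out = d.decompress(data, limit + 1)
    if len(out) > limit or d.unconsumed_tail:
        raise DecompressionLimitExceeded(
            f"decompressed payload exceeds {limit} bytes"
        )
    if not d.eof:
        # The stream ended before the final DEFLATE block: truncated or corrupt.
        raise ValueError("incomplete DEFLATE stream")
    return out


if __name__ == "__main__":
    # Constructed inputs: a small claims payload and 20 MiB of zero bytes.
    small = raw_deflate(b'{"sub":"alice"}')
    bomb = raw_deflate(b"\x00" * (20 * 1024 * 1024))
    print(len(small), "compressed bytes ->", bounded_inflate(small))
    try:
        bounded_inflate(bomb)
    except DecompressionLimitExceeded as exc:
        print(len(bomb), "compressed bytes -> rejected:", exc)
```

A cap on the size of the serialized token before any decoding complements this check.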
Priority
Status
Package | Release | Status |
---|---|---|
python-jose | focal | Does not exist |
python-jose | jammy | Needs triage |
python-jose | mantic | Needs triage |
python-jose | noble | Needs triage |
python-jose | upstream | Needs triage |