Emmharnuherl01

**Name of the Vulnerable Software and Affected Versions** python-jose versions 3.3.0 and earlier **Description** The issue is related to high resource consumption during the decoding of a crafted JSON Web Encryption (JWE) token, which can be exploited by a remote attacker to cause a denial of service. This is also known as a "JWT bomb" due to the high compression ratio of the token. **Recommendations** For python-jose versions 3.3.0 and earlier, as a temporary workaround, consider restricting the use of the JWE token decoding function until a patch is available. Avoid using the `decode` function with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.