Hkmj19

Name of the Vulnerable Software and Affected Versions JWCrypto versions prior to 1.5.7 Description A crafted JWE token with ZIP compression can exhaust server memory. The existing patch limits input token size to 250KB but does not validate the decompressed output size. A token under the 250KB input limit can decompress to approximately 100MB, potentially causing memory exhaustion on memory-constrained systems. Recommendations Update to version 1.5.7 or later.