CVE-2024-29370

Name of the Vulnerable Software and Affected Versions python-jose version 3.3.0

Description A flaw exists in the jwe.decrypt function of python-jose that can lead to a Denial-of-Service (DoS) condition. An attacker can exploit this by providing a specially crafted JSON Web Encryption (JWE) token with a very high compression ratio. Processing this token causes excessive memory usage and processing time during decompression, potentially disrupting service availability.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.