Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-cjwg-qfpm-7377: python-jose denial of service via compressed JWT tokens

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a “JWT bomb.” This is similar to CVE-2024-21319.

ghsa
#web#dos#js#git

python-jose denial of service via compressed JWT tokens

Moderate severity GitHub Reviewed Published Apr 26, 2024 to the GitHub Advisory Database • Updated Apr 26, 2024

ghsa: Latest News

GHSA-vm62-9jw3-c8w3: Gogs has an argument Injection in the built-in SSH server