Skip to main content

Python Jose

3 CVEs product

Monthly

CVE-2024-33664 PyPI MEDIUM POC PATCH This Month

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Jose
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-33663 PyPI MEDIUM POC PATCH This Month

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure SSH Python Jose
NVD GitHub
CVSS 3.1
6.5
EPSS
0.3%
CVE-2016-7036 PyPI CRITICAL PATCH Act Now

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Python Jose
NVD GitHub VulDB
CVSS 3.0
9.8
EPSS
0.4%
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Python Denial Of Service Python Jose
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Python Information Disclosure SSH +1
NVD GitHub
EPSS 0% CVSS 9.8
CRITICAL PATCH Act Now

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Python Information Disclosure Python Jose
NVD GitHub VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy