Security Advisory

CVE-2024-29370

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-17 00:00:00

Last updated 2025-12-17 16:09:53

Assigner mitre

State PUBLISHED

Description

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

← Browse all CVEs View on cve.org ↗