CVE-2024-29370

Published: Dec 17, 2025

Modified: Dec 17, 2025

PUBLISHED

Description

In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/mpdavis/python-jose/issues/344

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-29370

Description

Affected Products

References