CNNVD-202512-3285 Information

CNNVD ID

CNNVD-202512-3285

Related CVE

CVE-2024-29370

• CNNVD Published: 2025-12-17

Description (Chinese)

python-jose是Michael Davis个人开发者的一个 Python 中的 JOSE 实现。 python-jose 3.3.0版本存在安全漏洞，该漏洞源于攻击者可构造具有极高压缩率的恶意JSON Web Encryption令牌，可能导致拒绝服务攻击。

Description (English)

Python-jose is a Python of Michael Davis’ personal developer. There is a security loophole in version 3.3.0 of python-jose, which stems from the fact that the attackers can construct a malicious JSON Web Encryption token with very high compression rates, which may lead to a denial of service attack.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-12-17

Last Modified

2026-02-24

References

https://github.com/mpdavis/python-jose/issues/344

Patch

https://github.com/mpdavis/python-jose/releases