[MEDIUM] Security Vulnerability in python-jose

Security Vulnerability Detected

Dependency: python-jose
Criticality: MEDIUM (Score: undefined)

Vulnerability Details

Name: CVE-2024-33664

Description:
python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a "JWT bomb." This is similar to CVE-2024-21319.

Metadata

"{\"vulnerabilityIdentifiers\":[\"CVE-2024-33664\"],\"published\":\"2024-04-26T00:15:09.060\",\"lastModified\":\"2025-09-02T18:36:30.130\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":1.4,\"weaknesses\":[\"CWE-400\"]}"