python-jose@3.3.0 vulnerabilities

JOSE implementation in Python

Direct Vulnerabilities

Known vulnerabilities in the python-jose package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • H
Resource Consumption

Affected versions of this package are vulnerable to Resource Consumption due to the decoding process of a crafted JSON Web Encryption (JWE) token with a high compression ratio. This vulnerability is akin to a "JWT bomb" scenario, where the system's resources can be overwhelmed.

How to fix Resource Consumption?

There is no fixed version for python-jose.

Vulnerable versions: [0,)
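A defensive sketch for the resource-consumption issue described above, added here as an example and not taken from python-jose or Snyk: it caps the decompressed size of a DEFLATE payload so a high-ratio input fails fast instead of exhausting memory. The limit value, the function names and the raw-DEFLATE framing (RFC 7516 `zip: DEF`) are assumptions of the example, and the sample payload is constructed.

```python
import zlib

# Assumed cap; size it to the largest legitimate plaintext you expect.
MAX_PLAINTEXT_BYTES = 256 * 1024


class PayloadTooLarge(ValueError):
    """Decompressed output would exceed the configured cap."""


def raw_deflate(data: bytes) -> bytes:
    """Compress with raw DEFLATE (no zlib header); used to build sample input."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


def bounded_inflate(data: bytes, limit: int = MAX_PLAINTEXT_BYTES) -> bytes:
    """Inflate raw DEFLATE data, refusing to produce more than `limit` bytes."""
    d = zlib.decompressobj(wbits=-15)
    # Request one byte past the cap: receiving it proves the output is too big,
    # and zlib never allocates more than limit + 1 bytes of output.
    out = d.decompress(data, limit + 1)
    if len(out) > limit:
        raise PayloadTooLarge(f"plaintext exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated or malformed DEFLATE stream")
    if d.unused_data:
        raise ValueError("trailing bytes after end of DEFLATE stream")
    return out


if __name__ == "__main__":
    # Constructed sample: 10 MiB of zero bytes shrinks to roughly 10 KiB.
    bomb = raw_deflate(b"\x00" * (10 * 1024 * 1024))
    print("compressed size:", len(bomb))
    try:
        bounded_inflate(bomb)
    except PayloadTooLarge as exc:
        print("rejected:", exc)
    print(bounded_inflate(raw_deflate(b'{"sub": "alice"}')))
```

The constructed input also shows why a cap on the compressed size alone is a weak control: a payload of about 10 KiB expands a thousandfold.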
  • H
Improper Verification of Cryptographic Signature

Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the handling of OpenSSH ECDSA keys and other key formats. An attacker can cause algorithm confusion by exploiting the improper validation of cryptographic keys.

How to fix Improper Verification of Cryptographic Signature?

There is no fixed version for python-jose.

Vulnerable versions: [0,)