python-jose@3.0.1 vulnerabilities
JOSE implementation in Python
-
latest version
3.3.0
-
first published
9 years ago
-
latest version published
3 years ago
-
licenses detected
- [0,)
Direct Vulnerabilities
Known vulnerabilities in the python-jose package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Resource Consumption due to the decoding process of a crafted JSON Web Encryption (JWE) token with a high compression ratio. This vulnerability is akin to a "JWT bomb" scenario, where the system's resources can be overwhelmed. How to fix Resource Consumption? There is no fixed version for |
[0,)
|
Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to the handling of OpenSSH ECDSA keys and other key formats. An attacker can cause algorithm confusion by exploiting the improper validation of cryptographic keys. How to fix Improper Verification of Cryptographic Signature? There is no fixed version for |
[0,)
|