{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36775?format=json","vulnerability_id":"VCID-qr7r-81eb-sud4","summary":"python-jose through 3.3.0 allows attackers to cause a denial of service (resource consumption) during a decode via a crafted JSON Web Encryption (JWE) token with a high compression ratio, aka a \"JWT bomb.\" This is similar to CVE-2024-21319.","aliases":[{"alias":"CVE-2024-33664"},{"alias":"PYSEC-2024-233"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40937?format=json","purl":"pkg:pypi/python-jose@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.4.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9541?format=json","purl":"pkg:pypi/python-jose@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9542?format=json","purl":"pkg:pypi/python-jose@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9543?format=json","purl":"pkg:pypi/python-jose@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9544?format=json","purl":"pkg:pypi/python-jose@0.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9545?format=json","purl":"pkg:pypi/python-jose@0.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9546?format=json","purl":"pkg:pypi/python-jose@0.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9547?format=json","purl":"pkg:pypi/python-jose@0.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9548?format=json","purl":"pkg:pypi/python-jose@0.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/9549?format=json","purl":"pkg:pypi/python-jose@0.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/9550?format=json","purl":"pkg:pypi/python-jose@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9551?format=json","purl":"pkg:pypi/python-jose@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9552?format=json","purl":"pkg:pypi/python-jose@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9553?format=json","purl":"pkg:pypi/python-jose@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9554?format=json","purl":"pkg:pypi/python-jose@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9555?format=json","purl":"pkg:pypi/python-jose@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9556?format=json","purl":"pkg:pypi/python-jose@0.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9557?format=json","purl":"pkg:pypi/python-jose@0.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9558?format=json","purl":"pkg:pypi/python-jose@0.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9559?format=json","purl":"pkg:pypi/python-jose@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9560?format=json","purl":"pkg:pypi/python-jose@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9561?format=json","purl":"pkg:pypi/python-jose@0.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9562?format=json","purl":"pkg:pypi/python-jose@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9563?format=json","purl":"pkg:pypi/python-jose@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9564?format=json","purl":"pkg:pypi/python-jose@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9565?format=json","purl":"pkg:pypi/python-jose@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9566?format=json","purl":"pkg:pypi/python-jose@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9567?format=json","purl":"pkg:pypi/python-jose@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9568?format=json","purl":"pkg:pypi/python-jose@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/40928?format=json","purl":"pkg:pypi/python-jose@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40929?format=json","purl":"pkg:pypi/python-jose@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40930?format=json","purl":"pkg:pypi/python-jose@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/40931?format=json","purl":"pkg:pypi/python-jose@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/40932?format=json","purl":"pkg:pypi/python-jose@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40933?format=json","purl":"pkg:pypi/python-jose@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/40934?format=json","purl":"pkg:pypi/python-jose@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40935?format=json","purl":"pkg:pypi/python-jose@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40936?format=json","purl":"pkg:pypi/python-jose@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.3.0"}],"references":[{"reference_url":"https://github.com/mpdavis/python-jose/issues/344","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpdavis/python-jose/issues/344"},{"reference_url":"https://github.com/mpdavis/python-jose/pull/345","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpdavis/python-jose/pull/345"},{"reference_url":"https://www.vicarius.io/vsociety/posts/jwt-bomb-in-python-jose-cve-2024-33664","reference_id":"","reference_type":"","scores":[],"url":"https://www.vicarius.io/vsociety/posts/jwt-bomb-in-python-jose-cve-2024-33664"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qr7r-81eb-sud4"}