{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37166?format=json","vulnerability_id":"VCID-hfgd-9e3j-qkhr","summary":"In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.","aliases":[{"alias":"CVE-2024-29370"},{"alias":"GHSA-h4pw-wxh7-4vjj"},{"alias":"PYSEC-2025-185"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/40937?format=json","purl":"pkg:pypi/python-jose@3.4.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.4.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/9541?format=json","purl":"pkg:pypi/python-jose@0.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9542?format=json","purl":"pkg:pypi/python-jose@0.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9543?format=json","purl":"pkg:pypi/python-jose@0.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9544?format=json","purl":"pkg:pypi/python-jose@0.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9545?format=json","purl":"pkg:pypi/python-jose@0.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9546?format=json","purl":"pkg:pypi/python-jose@0.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9547?format=json","purl":"pkg:pypi/python-jose@0.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9548?format=json","purl":"pkg:pypi/python-jose@0.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/9549?format=json","purl":"pkg:pypi/python-jose@0.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/9550?format=json","purl":"pkg:pypi/python-jose@0.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9551?format=json","purl":"pkg:pypi/python-jose@0.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9552?format=json","purl":"pkg:pypi/python-jose@0.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9553?format=json","purl":"pkg:pypi/python-jose@0.5.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9554?format=json","purl":"pkg:pypi/python-jose@0.5.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9555?format=json","purl":"pkg:pypi/python-jose@0.5.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9556?format=json","purl":"pkg:pypi/python-jose@0.5.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.3"},{"url":"http://public2.vulnerablecode.io/api/packages/9557?format=json","purl":"pkg:pypi/python-jose@0.5.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.4"},{"url":"http://public2.vulnerablecode.io/api/packages/9558?format=json","purl":"pkg:pypi/python-jose@0.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/9559?format=json","purl":"pkg:pypi/python-jose@0.5.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.5.6"},{"url":"http://public2.vulnerablecode.io/api/packages/9560?format=json","purl":"pkg:pypi/python-jose@0.6.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.6.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9561?format=json","purl":"pkg:pypi/python-jose@0.6.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.6.2"},{"url":"http://public2.vulnerablecode.io/api/packages/9562?format=json","purl":"pkg:pypi/python-jose@0.7.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@0.7.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9563?format=json","purl":"pkg:pypi/python-jose@1.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9564?format=json","purl":"pkg:pypi/python-jose@1.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9565?format=json","purl":"pkg:pypi/python-jose@1.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9566?format=json","purl":"pkg:pypi/python-jose@1.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.0"},{"url":"http://public2.vulnerablecode.io/api/packages/9567?format=json","purl":"pkg:pypi/python-jose@1.3.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"},{"vulnerability":"VCID-wzf6-nvmk-tud8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.1"},{"url":"http://public2.vulnerablecode.io/api/packages/9568?format=json","purl":"pkg:pypi/python-jose@1.3.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.3.2"},{"url":"http://public2.vulnerablecode.io/api/packages/40928?format=json","purl":"pkg:pypi/python-jose@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@1.4.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40929?format=json","purl":"pkg:pypi/python-jose@2.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40930?format=json","purl":"pkg:pypi/python-jose@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/40931?format=json","purl":"pkg:pypi/python-jose@2.0.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@2.0.2"},{"url":"http://public2.vulnerablecode.io/api/packages/40932?format=json","purl":"pkg:pypi/python-jose@3.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40933?format=json","purl":"pkg:pypi/python-jose@3.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.0.1"},{"url":"http://public2.vulnerablecode.io/api/packages/40934?format=json","purl":"pkg:pypi/python-jose@3.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40935?format=json","purl":"pkg:pypi/python-jose@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/40936?format=json","purl":"pkg:pypi/python-jose@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hfgd-9e3j-qkhr"},{"vulnerability":"VCID-nph9-2swf-47cn"},{"vulnerability":"VCID-qr7r-81eb-sud4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/python-jose@3.3.0"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29370.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-29370.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29370","reference_id":"","reference_type":"","scores":[{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36487","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00158","scoring_system":"epss","scoring_elements":"0.36479","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-29370"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/mpdavis/python-jose/commit/483529ee93a3ab510ab579d4d4cc644dba926ade","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mpdavis/python-jose/commit/483529ee93a3ab510ab579d4d4cc644dba926ade"},{"reference_url":"https://github.com/mpdavis/python-jose/issues/344","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mpdavis/python-jose/issues/344"},{"reference_url":"https://github.com/mpdavis/python-jose/releases/tag/3.4.0","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/mpdavis/python-jose/releases/tag/3.4.0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423195","reference_id":"2423195","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2423195"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29370","reference_id":"CVE-2024-29370","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-29370"},{"reference_url":"https://github.com/advisories/GHSA-h4pw-wxh7-4vjj","reference_id":"GHSA-h4pw-wxh7-4vjj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-h4pw-wxh7-4vjj"}],"weaknesses":[{"cwe_id":409,"name":"Improper Handling of Highly Compressed Data (Data Amplification)","description":"The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."},{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."}],"exploits":[],"severity_range_score":"4.0 - 7.5","exploitability":"0.5","weighted_severity":"6.8","risk_score":3.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hfgd-9e3j-qkhr"}