CVE-2024-29370
Description
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A JWE token with extremely high compression ratio causes denial of service via excessive memory and CPU consumption in python-jose 3.3.0.
The vulnerability resides in the jwe.decrypt function of python-jose version 3.3.0. The library supports decompression of JSON Web Encryption (JWE) tokens using the DEF (deflate) compression algorithm. An attacker can craft a token that, when compressed, is small, but decompresses to an extremely large payload—sometimes hundreds of megabytes. This is a classic 'zip bomb' or 'compression bomb' attack. The token itself is small, so it passes any simple length checks, but upon decompression the server allocates a huge amount of memory and spends significant CPU time decompressing the data [1][3].
The attack does not require any authentication or special privileges; the attacker only needs to deliver a malicious JWE token to a server that calls jwe.decrypt. The official proof of concept shows a compressed token that decompresses to an 80-million-character JSON string. Processing this token takes dramatically longer than an uncompressed token of the same compressed size [3]. Any service that accepts and decrypts JWE tokens from untrusted sources is vulnerable.
The impact is a denial of service (DoS): the server may run out of memory, become unresponsive, or crash. Since the token is small, a single request can exhaust server resources, potentially affecting multiple users or causing a full service outage. The CVSS score has not yet been officially assigned by NVD, but the issue is clearly a high-severity DoS vulnerability [1].
The maintainers have mitigated the issue by introducing a token size limit. In commit 483529e, a check was added to reject any JWE string larger than 250 KB before decryption begins [2]. This fix is included in python-jose release 3.4.0 [4]. Users should upgrade to version 3.4.0 or later. If upgrading is not possible, a workaround is to implement a similar length limit in code that calls jwe.decrypt, rejecting tokens larger than a safe threshold. The issue is also referenced in CVE-2024-21319, which described a similar problem in Microsoft's JWT library [3].
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
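The two guards the narrative describes, shown as an added example rather than code from python-jose: a caller-side size check on the compact JWE string that mirrors the 250 KB limit from the 3.4.0 fix, and a bounded raw-DEFLATE inflate of the kind a library would need internally, since decompression of a `zip: DEF` token happens inside `jwe.decrypt` where the caller cannot intervene. The 1 MiB cap on inflated output, the function names, and the sample inputs are constructed for this illustration and are not part of python-jose; no real JWE tokens are built here, only the DEFLATE payload stage is exercised.

```python
import json
import zlib

# Thresholds: the first mirrors the 250 KB compact-string limit added in python-jose 3.4.0;
# the second is a constructed cap on inflated plaintext (an assumption, not from python-jose).
MAX_JWE_BYTES = 250 * 1024
MAX_INFLATED_BYTES = 1024 * 1024


class TokenTooLarge(ValueError):
    """Compact JWE string exceeds the size limit (rejected before any parsing)."""


class InflatedTooLarge(ValueError):
    """DEFLATE output would exceed the cap (rejected mid-inflate, before memory balloons)."""


def check_token_size(jwe_str: str, limit: int = MAX_JWE_BYTES) -> int:
    """Caller-side guard matching the upstream fix: reject oversized compact strings
    before handing them to jwe.decrypt. Returns the accepted length."""
    if len(jwe_str) > limit:
        raise TokenTooLarge(f"JWE string is {len(jwe_str)} bytes, limit {limit}")
    return len(jwe_str)


def bounded_inflate(data: bytes, limit: int = MAX_INFLATED_BYTES) -> bytes:
    """Inflate a raw DEFLATE stream (JWE 'zip': 'DEF', RFC 7516 section 4.1.3) without
    letting the output grow past `limit`. Asking zlib for at most limit+1 bytes means a
    highly compressible payload is detected after limit+1 bytes, not hundreds of megabytes."""
    d = zlib.decompressobj(wbits=-15)  # -15: raw DEFLATE, no zlib/gzip header
    out = d.decompress(data, limit + 1)
    if len(out) > limit or d.unconsumed_tail:
        raise InflatedTooLarge(f"inflated payload exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated DEFLATE stream")
    return out


def deflate(payload: bytes) -> bytes:
    """Raw DEFLATE, the way a JWE producer compresses plaintext when zip=DEF."""
    c = zlib.compressobj(level=9, wbits=-15)
    return c.compress(payload) + c.flush()


def classify(jwe_str: str, deflated_plaintext: bytes) -> str:
    """Run both guards and report which one (if any) fires. In a real flow the first
    check runs before jwe.decrypt; the second is what the library would apply to the
    decrypted bytes before JSON-decoding them."""
    try:
        check_token_size(jwe_str)
    except TokenTooLarge:
        return "token_too_large"
    try:
        bounded_inflate(deflated_plaintext)
    except InflatedTooLarge:
        return "inflated_too_large"
    return "ok"


# Constructed sample inputs (not real tokens): a benign claims object, and a highly
# compressible one that inflates to about 2 MB from a few kilobytes, the shape the
# advisory describes. Neither is a token from the advisory or the library's test suite.
BENIGN_CLAIMS = deflate(json.dumps({"sub": "alice", "scope": "read"}).encode())
COMPRESSIBLE_CLAIMS = deflate(json.dumps({"pad": "A" * 2_000_000}).encode())


if __name__ == "__main__":
    ratio = (len(json.dumps({"pad": "A" * 2_000_000})) / len(COMPRESSIBLE_CLAIMS))
    print(f"compressible sample: {len(COMPRESSIBLE_CLAIMS)} bytes deflated, ratio ~{ratio:.0f}:1")
    print("benign:", classify("header.key.iv.ct.tag", BENIGN_CLAIMS))
    print("oversized compact string:", classify("x" * (MAX_JWE_BYTES + 1), BENIGN_CLAIMS))
    print("compressible plaintext:", classify("header.key.iv.ct.tag", COMPRESSIBLE_CLAIMS))
```

The pre-decrypt length check is the only one of the two a caller on 3.3.0 can apply as a workaround; the output cap belongs wherever the plaintext is inflated, which is why the fix's 250 KB limit on the compressed string bounds the attack's cost but not the compression ratio itself.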
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-jose (PyPI) | < 3.4.0 | 3.4.0 |
Affected products
- python-jose/python-jose
- Range: =3.3.0
Patches
483529ee93a3 limit token size to 250 KB
1 file changed · +5 −0
jose/jwe.py+5 −0 modified@@ -76,6 +76,11 @@ def decrypt(jwe_str, key): >>> jwe.decrypt(jwe_string, 'asecret128bitkey') 'Hello, World!' """ + + # limit the token size to 250 KB + if len(jwe_str) > 250 * 1024: + raise JWEError("JWE string exceeds 250 KB") + header, encoded_header, encrypted_key, iv, cipher_text, auth_tag = _jwe_compact_deserialize(jwe_str) # Verify that the implementation understands and can process all
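Review bot: the new check bounds only the compact string (`if len(jwe_str) > 250 * 1024`), not the size the `DEF` payload inflates to, while the description above says a small token decompresses to hundreds of megabytes; a 250 KB DEFLATE stream can still inflate to a multiple of that, so consider also capping the decompressed output at the point where the plaintext is inflated (for example `zlib.decompressobj().decompress(data, max_length)` and rejecting when output reaches the cap). Two smaller points: the limit is hard-coded twice, in the comparison and in the literal `"JWE string exceeds 250 KB"` message, so a named constant (ideally configurable) would keep the two from drifting; and the check relies on `len()` of a `str` equalling the byte length, which holds for compact serialization only because it is base64url ASCII, so a one-line comment stating that would help the next reader.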
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References