API Security Blog

Denial Of Service (DoS)

Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt are vulnerable to Denial of Service (DoS). The vulnerability is caused by improper JWT compression checks, which results in resource exhaustion due to the processing of a malicious JSON Web Encryption (JWE) token. Successful exploitation leads to excessive memory allocation and processing time during compression, leading to…
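The kind of check whose absence causes this class of issue, shown as an added Python example that is not from the original post or from the Microsoft libraries: a size-capped inflate for a JWE payload compressed with `"zip": "DEF"` (raw DEFLATE). The names `inflate_bounded` and `raw_deflate` and the 250 KiB cap are assumptions chosen for illustration.

```python
import zlib

# Assumed application limit on decompressed JWE plaintext (not from the page).
MAX_PLAINTEXT_BYTES = 250 * 1024


class DecompressionLimitExceeded(ValueError):
    """Raised when inflated output would exceed the configured cap."""


def inflate_bounded(compressed: bytes, limit: int = MAX_PLAINTEXT_BYTES) -> bytes:
    """Inflate a raw DEFLATE payload, never producing more than `limit` bytes."""
    inflater = zlib.decompressobj(-15)  # -15 = raw DEFLATE, no zlib/gzip header
    # Ask for one byte more than allowed so "exactly at the limit" still passes.
    out = inflater.decompress(compressed, limit + 1)
    if len(out) > limit:
        raise DecompressionLimitExceeded(f"plaintext exceeds {limit} bytes")
    if not inflater.eof:
        raise ValueError("truncated DEFLATE stream")
    if inflater.unused_data:
        raise ValueError("trailing bytes after DEFLATE stream")
    return out


def raw_deflate(data: bytes) -> bytes:
    """Build constructed sample inputs for the demo below."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    return c.compress(data) + c.flush()


if __name__ == "__main__":
    ok = raw_deflate(b'{"sub":"alice"}')  # constructed sample
    print(inflate_bounded(ok))
    oversized = raw_deflate(b"\0" * (4 * 1024 * 1024))  # constructed sample
    print(len(oversized), "compressed bytes")
    try:
        inflate_bounded(oversized)
    except DecompressionLimitExceeded as exc:
        print("rejected:", exc)
```

Because the cap is passed to `decompress` as `max_length`, memory use stays bounded while inflating rather than being checked only after the full output exists.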
