GHSA-g7f3-828f-7h7m: 
Python vulnerability analysis and mitigation

A moderate severity vulnerability (GHSA-g7f3-828f-7h7m) was discovered in Authlib's JWE zip=DEF implementation affecting versions prior to 1.6.5. The vulnerability allows attackers to perform denial of service attacks through unbounded DEFLATE decompression, where a small ciphertext can expand into large amounts of data during decryption, potentially exhausting system resources. The issue was disclosed and patched on October 10, 2025, affecting the JOSE component of Authlib, specifically the JWE zip=DEF (DEFLATE) support (GitHub Advisory).

The vulnerability exists in the DeflateZipAlgorithm.decompress method within authlib/jose/rfc7518/jwezips.py, which calls zlib.decompress(s, -zlib.MAXWBITS) without implementing any maximum output limit. When the JWE protected header contains "zip": "DEF", the decrypted ciphertext is processed through this unrestricted decompression method. Due to DEFLATE's high compression ratios on repetitive input, a small compressed payload can expand dramatically during decryption. The vulnerability received a CVSS v3.1 base score of 6.5 (MEDIUM) with vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, though this can increase to 7.5 (HIGH) in scenarios where unprivileged users can submit JWEs (GitHub Advisory).

The primary impact is denial of service through memory and CPU exhaustion during JWE token decryption. Testing demonstrated that a 4KB malicious ciphertext could expand to 50MB of decompressed data, consuming significant system resources. The vulnerability affects any service using Authlib to decrypt JWE tokens with zip=DEF compression where attackers can submit valid tokens for decryption. While there are no direct confidentiality or integrity impacts, the availability impact is severe due to the potential for resource exhaustion (GitHub Advisory).

Several mitigation strategies are available: 1) Reject or strip zip=DEF for inbound JWEs at the application boundary until patching, 2) Implement a bounded decompression guard using zlib.decompress with max_length parameter, 3) Enforce strict maximum token sizes and implement rate limiting. The permanent fix was implemented in version 1.6.5, which adds a conservative maximum output size of 256KB by default and raises an error when exceeded (GitHub Commit).