A vulnerability in the OpenSSH ECDSA Key Handler component of the OpenSSH ECDSA Key Handler technology for signing and encrypting JavaScript objects in
Python is related to the definition of a blacklist of prefixes for public keys. Exploitation of the vulnerability
could allow an attacker acting remotely to steal OpenSSH ECDSA public keys
Vulnerability in the JWE Token Handler component of JavaScript object signing and encryption technology in Python
is related to high resource consumption during decryption using the generated JSON Web
Encryption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
redos | 7.3 | x86_64 | python3-jose | <= 3.3.0-1 | UNKNOWN |