12 matches found
RockyLinux 10 : python-jwcrypto (RLSA-2026:19042)
The remote RockyLinux 10 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19042 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding...
RLSA-2026:19197 Low: python-jwcrypto security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RockyLinux 9 : python-jwcrypto (RLSA-2026:19197)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2026:19197 advisory. JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens CVE-2026-39373 Tenable has extracted the preceding descripti...
ALSA-2026:19042 Low: python-jwcrypto security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
RHEL 9 : python-jwcrypto (RHSA-2026:19197)
The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:19197 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic da...
Low: python-jwcrypto security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Important: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but does...
python311-jwcrypto-1.5.7-2.1 on GA media (moderate)
python311-jwcrypto-1.5.7-2.1 on GA media Announcement ID: openSUSE-SU-2026:10576-1 Rating: moderate Cross-References: CVE-2026-39373 CVSS scores: CVE-2026-39373 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-39373 SUSE : 8.7...
OESA-2026-1925 python-jwcrypto security update
Implements JWK, JWS, JWE specifications with python-cryptography Security Fixes: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing...
alastria-auth (>=0.0.3 <=0.0.17), alastria-identity (>=0.2.0 <=0.4.0) +61 more potentially affected by CVE-2026-39373 via jwcrypto (>=0.4.0 <=1.5.6)
jwcrypto PYPI version =0.4.0, =0.0.3, =0.2.0, =1.0.0, =1.0.0, =0.1.0, =0.1.0, =0.1.0, =0.11.0rc1, =0.4.0a0, =2.0.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0.2, =0.1.0.8 and more Source cves: CVE-2026-39373 Source advisory: OSV:GHSA-FJRM-76X2-C4Q4...
CVE-2026-39373
creationtimestamp| type| source ---|---|--- 2026-04-08 00:16:14+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-fjrm-76x2-c4q4...
Linux Distros Unpatched Vulnerability : CVE-2026-39373
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending...