RLSA-2026:19197 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:19042 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

ALSA-2026:19197 Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

Low: python-jwcrypto security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

SUSE SLES16 Security Update : python-jwcrypto (SUSE-SU-2026:21425-1)

The remote SUSE Linux SLES16 / SLESSAP16 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:21425-1 advisory. - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE...

SUSE-SU-2026:21425-1 Security update for python-jwcrypto

This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens bsc1261802...

jose4j is vulnerable to DoS via compressed JWE content

In jose4j before 0.9.6, an attacker can cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during...

GHSA-HJ3V-M684-V259 JWX vulnerable to a denial of service attack using compressed JWE message

Summary This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service DoS condition by crafting a malicious JSON Web Encryption JWE token with an exceptionally high compression ratio. When this token is processed by the recipient, it results in significant memory...