96 matches found
Security update for python-jwcrypto (important)
openSUSE security update: security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:20644-1 Rating: important References: bsc1261802 Cross-References: CVE-2026-39373 CVSS scores: CVE-2026-39373 SUSE : 7.5...
OPENSUSE-SU-2026:20644-1 Security update for python-jwcrypto
This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens bsc1261802...
SUSE-SU-2026:21425-1 Security update for python-jwcrypto
This update for python-jwcrypto fixes the following issues: - CVE-2026-39373: weak mitigation for JWT bomb attack in the deserialize function can lead to memory exhaustion via crafted compressed JWE tokens bsc1261802...
CVE-2026-39373 vulnerabilities
Vulnerabilities for packages: py3-jwcrypto...
OPENSUSE-SU-2026:10576-1 python311-jwcrypto-1.5.7-2.1 on GA media
These are all security issues fixed in the python311-jwcrypto-1.5.7-2.1 package on the GA media of openSUSE Tumbleweed...
Security update for python-jwcrypto (important)
openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0129-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...
Security update for python-jwcrypto (important)
openSUSE Security Update: Security update for python-jwcrypto Announcement ID: openSUSE-SU-2026:0130-1 Rating: important References: 1209496 1219837 1221230 1261802 Cross-References: CVE-2022-3102 CVE-2023-6681 CVE-2024-28102 CVE-2026-39373 CVSS scores: CVE-2022-3102 SUSE: 4.2...
CVE-2026-39373 vulnerabilities
Vulnerabilities for packages: keep, authentik, py3-jwcrypto, keep-fips, authentik-fips...
GHSA-FJRM-76X2-C4Q4 vulnerabilities
Vulnerabilities for packages: keep, authentik, py3-jwcrypto, keep-fips, authentik-fips...
MiracleLinux 9 : python-jwcrypto-0.8-5.el9 (AXSA:2024-7961:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-7961:01 advisory. python-jwcrypto: malicious JWE token can cause denial of service CVE-2024-28102 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : python-jwcrypto-1.5.6-2.el9 (AXSA:2024-9264:02)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2024-9264:02 advisory. JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681) Tenable has extracted the preceding description block directly from the MiracleLinux...
Oracle Linux 8 : idm:DL1 (ELSA-2025-17129)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-17129 advisory. bind-dyndb-ldap 11.6-6 - Fix rpminspect warnings Resolves: RHEL-22497 custodia ipa 4.9.13-20.0.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug:...
TencentOS Server 4: python-jwcrypto (TSSA-2024:0814)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0814 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
RockyLinux 9 : python-jwcrypto (RLSA-2024:9281)
The remote RockyLinux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:9281 advisory. JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681) Tenable has extracted the preceding description block directly from the RockyLinux security...
python-jwcrypto security update
An update is available for python-jwcrypto. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-jwcrypto package provides Python implementations of the JS...
RLSA-2024:9281 Moderate: python-jwcrypto security update
The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards. Security Fixes: JWCrypto: denial of service via specifically crafted JWE (CVE-2023-6681) Fo...
Advisory ROSA-SA-2025-2770
Software: python-jwcrypto 0.5.0 OS: ROSA Virtualization 3.0 packageevrstring: python-jwcrypto-0.5.0-2.rv30 CVE-ID: CVE-2024-28102 BDU-ID: 2024-01978 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the deserialize JavaScript library function for Jwcrypto is associated with uncontrolled resource...
Amazon Linux 2 : python-jwcrypto (ALAS-2025-2763)
The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2763 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cau...
Medium: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...
Medium: python-jwcrypto
Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...