python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

Rocky Linux 9 : python-jwcrypto (RLSA-2024:2559)

The remote Rocky Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RLSA-2024:2559 advisory. - JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by...

RHEL 7 : python-jwcrypto (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-jwcrypto: malicious JWE token can cause denial of service CVE-2024-28102 Note that Nessus has not tested for...

RLSA-2024:2559 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

python-jwcrypto security update

An update is available for python-jwcrypto. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The python-jwcrypto package provides Python implementations of the JS...

Oracle Linux 9 : python-jwcrypto (ELSA-2024-2559)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2024-2559 advisory. 0.8-5 - Address potential DoS with high compression ratio Resolves: RHEL-28698 Tenable has extracted the preceding description block directly from the Oracle...

DL1 bug fix update

An update is available for custodia, module.custodia, pyusb, python-qrcode, module.slapi-nis, module.pyusb, module.softhsm, python-jwcrypto, python-kdcproxy, module.opendnssec, module.python-kdcproxy, module.ipa, ipa-healthcheck, softhsm, module.python-jwcrypto, ipa, opendnssec, python-yubico,...

Moderate: Red Hat Security Advisory: python-jwcrypto security update

An update for python-jwcrypto is now available for Red Hat Enterprise Linux 9. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security...

python-jwcrypto: malicious JWE token can cause denial of service

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service...

ALSA-2024:2559 Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

RHEL 9 : python-jwcrypto (RHSA-2024:2559)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:2559 advisory. The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web...

Moderate: python-jwcrypto security update

The python-jwcrypto package provides Python implementations of the JSON Web Key JWK, JSON Web Signature JWS, JSON Web Encryption JWE, and JSON Web Token JWT JOSE JSON Object Signing and Encryption standards. Security Fixes: python-jwcrypto: malicious JWE token can cause denial of service...

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

Amazon Linux 2 : python-jwcrypto (ALAS-2024-2506)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2506 advisory. A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible...

Medium: python-jwcrypto

Issue Overview: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denia...

CVE-2024-28102

An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service. Mitigation Mitigation for this issue is...

AZL-43009 CVE-2023-6681 affecting package python-jwcrypto 0.6.0-9

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service DoS attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service...

DL1 bug fix and enhancement update

An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

new packages: python-jwcrypto

An update is available for python-jwcrypto. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky...

idm:DL1 security update

An update is available for ipa, python-jwcrypto, custodia, bind-dyndb-ldap, python-qrcode, softhsm, slapi-nis, python-yubico, python-kdcproxy, opendnssec, ipa-healthcheck, pyusb. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...