Amazon Linux 2 : python-jwcrypto (ALAS-2025-2763)

The version of python-jwcrypto installed on the remote host is prior to 0.4.2-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2763 advisory. JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cau...

Medium: python-jwcrypto

Issue Overview: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot o...