Moderate severityNVD Advisory· Published Feb 12, 2024· Updated Feb 26, 2026
Jwcrypto: denail of service via specifically crafted jwe
CVE-2023-6681
Description
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
jwcryptoPyPI | < 1.5.1 | 1.5.1 |
Affected products
6- cpe:/a:redhat:ansible_automation_platform:2
cpe:/a:redhat:enterprise_linux:8::appstream+ 2 more
- cpe:/a:redhat:enterprise_linux:8::appstreamrange: 8100020240416171943.823393f5
- cpe:/a:redhat:enterprise_linux:9::appstreamrange: 0:1.5.6-2.el9
- cpe:/o:redhat:enterprise_linux:7
- ghsa-coords2 versions
< 1.5.1+ 1 more
- (no CPE)range: < 1.5.1
- (no CPE)range: < 1.5.6-2.el9
Patches
Vulnerability mechanics
References
9- access.redhat.com/errata/RHSA-2024:3267ghsavendor-advisoryx_refsource_REDHATWEB
- access.redhat.com/errata/RHSA-2024:9281ghsavendor-advisoryx_refsource_REDHATWEB
- github.com/advisories/GHSA-cw2r-4p82-qv79ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-6681ghsaADVISORY
- access.redhat.com/security/cve/CVE-2023-6681ghsavdb-entryx_refsource_REDHATWEB
- bugzilla.redhat.com/show_bug.cgighsaissue-trackingx_refsource_REDHATWEB
- github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8ghsaWEB
- github.com/latchset/jwcrypto/security/advisories/GHSA-cw2r-4p82-qv79ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/jwcrypto/PYSEC-2024-104.yamlghsaWEB
News mentions
0No linked articles in our index yet.