VYPR

apk package

chainguard/py3-jwcrypto

pkg:apk/chainguard/py3-jwcrypto

Vulnerabilities (2)

  • CVE-2026-39373 · Med · Apr 7, 2026
    affected < 1.5.7-r0 · fixed 1.5.7-r0

    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but do

  • CVE-2024-28102 · Mar 6, 2024
    affected < 1.5.6-r0 · fixed 1.5.6-r0

    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot