apk package
chainguard/py3.10-jwcrypto
pkg:apk/chainguard/py3.10-jwcrypto
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39373 | Med | 5.3 | | < 1.5.7-r0 | 1.5.7-r0 | Apr 7, 2026 | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but do |
| CVE-2024-28102 | — | | | < 1.5.6-r0 | 1.5.6-r0 | Mar 6, 2024 | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot |