VYPR

apk package

wolfi/py3-supported-jwcrypto

pkg:apk/wolfi/py3-supported-jwcrypto

Vulnerabilities (1)

  • CVE-2024-28102Mar 6, 2024
    affected < 1.5.6-r0fixed 1.5.6-r0

    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot