rpm package
opensuse/python-joserfc&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-joserfc&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-48990 | — | < 1.7.1-1.1 | 1.7.1-1.1 | Jun 17, 2026 | joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead to | ||
| CVE-2026-27932 | — | < 1.6.3-1.1 | 1.6.3-1.1 | Mar 3, 2026 | joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustio |
- CVE-2026-48990Jun 17, 2026affected < 1.7.1-1.1fixed 1.7.1-1.1
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead to
- CVE-2026-27932Mar 3, 2026affected < 1.6.3-1.1fixed 1.6.3-1.1
joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustio