VYPR

rpm package

opensuse/python-joserfc&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-joserfc&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-48990Jun 17, 2026
    affected < 1.7.1-1.1fixed 1.7.1-1.1

    joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In versions 1.3.4 through 1.6.5, joserfc accepts oversized RFC7797 b64=false JWS payloads without applying JWSRegistry.max_payload_length, which can lead to

  • CVE-2026-27932Mar 3, 2026
    affected < 1.6.3-1.1fixed 1.6.3-1.1

    joserfc is a Python library that provides an implementation of several JSON Object Signing and Encryption (JOSE) standards. In 1.6.2 and earlier, a resource exhaustion vulnerability in joserfc allows an unauthenticated attacker to cause a Denial of Service (DoS) via CPU exhaustio