VYPR

rpm package

opensuse/python-jwcrypto&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-jwcrypto&distro=openSUSE%20Tumbleweed

Vulnerabilities (2)

  • CVE-2026-39373MedApr 7, 2026
    affected < 1.5.7-2.1fixed 1.5.7-2.1

    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but do

  • CVE-2022-3102medSep 21, 2022
    affected < 1.4.2-1.1fixed 1.4.2-1.1

    The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received : "Under certain circumstances, it is possible to substitute a [..] signed