rpm package
opensuse/python-jwcrypto&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/python-jwcrypto&distro=openSUSE%20Tumbleweed
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-39373 | Med | 5.3 | | < 1.5.7-2.1 | 1.5.7-2.1 | Apr 7, 2026 | JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits input token size to 250KB but do |
| CVE-2022-3102 | Med | — | | < 1.4.2-1.1 | 1.4.2-1.1 | Sep 21, 2022 | The JWT code can auto-detect the type of token being provided, and this can lead the application to incorrect conclusions about the trustworthiness of the token. Quoting the private disclosure we received: "Under certain circumstances, it is possible to substitute a [..] signed |