CVE-2026-39373
- EPSS 0.08%
- Veröffentlicht 07.04.2026 19:35:36
- Zuletzt bearbeitet 15.04.2026 17:17:58
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted JWE tokens with ZIP compression. The existing patch for CVE-2024-28102 limits in...
CVE-2024-28102
- EPSS 0.36%
- Veröffentlicht 21.03.2024 02:52:23
- Zuletzt bearbeitet 22.12.2025 16:09:47
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this...
CVE-2023-6681
- EPSS 0.03%
- Veröffentlicht 12.02.2024 14:15:08
- Zuletzt bearbeitet 21.11.2024 08:44:20
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computati...
CVE-2016-6298
- EPSS 0.37%
- Veröffentlicht 01.09.2016 23:59:01
- Zuletzt bearbeitet 06.05.2026 22:30:45
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).