Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8
CVE-2024-28102
- EPSS 0.1%
- Veröffentlicht 21.03.2024 02:52:23
- Zuletzt bearbeitet 21.11.2024 09:05:49
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this...
5.3
CVE-2023-6681
- EPSS 0.03%
- Veröffentlicht 12.02.2024 14:15:08
- Zuletzt bearbeitet 21.11.2024 08:44:20
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computati...
5.3
CVE-2016-6298
- EPSS 0.37%
- Veröffentlicht 01.09.2016 23:59:01
- Zuletzt bearbeitet 12.04.2025 10:46:40
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
1