Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8
CVE-2024-28102
- EPSS 0.1%
- Published 21.03.2024 02:52:23
- Last modified 21.11.2024 09:05:49
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this...
5.3
CVE-2023-6681
- EPSS 0.03%
- Published 12.02.2024 14:15:08
- Last modified 21.11.2024 08:44:20
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computati...
5.3
CVE-2016-6298
- EPSS 0.37%
- Published 01.09.2016 23:59:01
- Last modified 12.04.2025 10:46:40
The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).
1