Safety vulnerability ID: 66969
The information on this page was manually curated by our Cybersecurity Intelligence Team.
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. See CVE-2024-28102.
Latest version: 1.5.6
Implementation of JOSE Web standards
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length. See CVE-2024-28102.
MISC:https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f: https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f
MISC:https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97: https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application