DEBIAN-CVE-2024-28102
PUBLISHED
CVSS 6.8 MEDIUM
JWCrypto implements the JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service by passing in a malicious JWE token with a high compression ratio. When the server processes this token, it consumes a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
Risk Scores
CVSS v3.1
6.8
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | python-jwcrypto | 1.1.0-1, 0, 1.1.0-1 |
| Debian:14 | python-jwcrypto | 0, 0 |
| Debian:13 | python-jwcrypto | 0, 0 |
| Debian:11 | python-jwcrypto | 0.8.0-1, 0.8.0-1, 0 |
Timeline
- Mar 21, 2024 CVE Published
- Apr 28, 2026 CVE Updated