PYSEC-2024-104 — Vulnetix

PYSEC-2024-104 PUBLISHED CVSS 5.300000190734863 MEDIUM

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

Risk Scores

CVSS v3.1

5.300000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

Vendor	Product	Versions
PyPI	jwcrypto	0.2.0, 0.2.1, 0.3.0

Timeline

Feb 12, 2024 CVE Published
Oct 10, 2024 CVE Updated
May 1, 2026 Distribution Patch
May 1, 2026 Security Advisory

References

https://bugzilla.redhat.com/show_bug.cgi?id=2260843 report
https://access.redhat.com/security/cve/CVE-2023-6681 advisory
https://access.redhat.com/errata/RHSA-2024:3267 advisory

Open in Interactive Console →