vulnerability
Oracle Linux: CVE-2024-28102: ELSA-2024-2559: python-jwcrypto security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:M/C:N/I:N/A:C) | 03/08/2024 | 05/07/2024 | 01/08/2025 |
Severity
6
CVSS
(AV:N/AC:L/Au:M/C:N/I:N/A:C)
Published
03/08/2024
Added
05/07/2024
Modified
01/08/2025
Description
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.
An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service.
An uncontrolled resource consumption vulnerability was found in python-jwcrypto. If a malicious JWE token with a high compression ratio is passed to the server, the server will consume a lot of memory and processing time, leading to a denial of service.
Solution(s)
oracle-linux-upgrade-bind-dyndb-ldaporacle-linux-upgrade-custodiaoracle-linux-upgrade-ipa-clientoracle-linux-upgrade-ipa-client-commonoracle-linux-upgrade-ipa-client-epnoracle-linux-upgrade-ipa-client-sambaoracle-linux-upgrade-ipa-commonoracle-linux-upgrade-ipa-healthcheckoracle-linux-upgrade-ipa-healthcheck-coreoracle-linux-upgrade-ipa-python-compatoracle-linux-upgrade-ipa-selinuxoracle-linux-upgrade-ipa-serveroracle-linux-upgrade-ipa-server-commonoracle-linux-upgrade-ipa-server-dnsoracle-linux-upgrade-ipa-server-trust-adoracle-linux-upgrade-opendnssecoracle-linux-upgrade-python3-custodiaoracle-linux-upgrade-python3-ipaclientoracle-linux-upgrade-python3-ipaliboracle-linux-upgrade-python3-ipaserveroracle-linux-upgrade-python3-ipatestsoracle-linux-upgrade-python3-jwcryptooracle-linux-upgrade-python3-kdcproxyoracle-linux-upgrade-python3-pyusboracle-linux-upgrade-python3-qrcodeoracle-linux-upgrade-python3-qrcode-coreoracle-linux-upgrade-python3-yubicooracle-linux-upgrade-slapi-nisoracle-linux-upgrade-softhsmoracle-linux-upgrade-softhsm-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.