Language:

Information about definition

Identificator: INFSA-2024:9281

Type: security

Release date: 2024-12-13 11:49:29 UTC

Information about package

The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards.

Vulnerabilities description

CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

Severity level

CVE	Score CVSS 2.0	Score CVSS 3.x	Score CVSS 4.0
NIST — CVE-2023-6681	no information	5.3	no information

Critical, important, moderate, low

Updated packages

INFSA-2024:9281: python-jwcrypto security update

Information about definition