Security Advisory

CVE-2024-28102

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-03-06 21:09:58

Last updated 2024-09-09 13:06:44

Assigner GitHub_M

State PUBLISHED

Description

JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.

← Browse all CVEs View on cve.org ↗