PYSEC-2024-104

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/jwcrypto/PYSEC-2024-104.yaml
JSON Data
https://api.test.osv.dev/v1/vulns/PYSEC-2024-104
Aliases
Published
2024-02-12T14:15:00Z
Modified
2024-10-10T17:59:00.712159Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

References

Affected packages

PyPI / jwcrypto

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.5.1

Affected versions

0.*

0.2.0
0.2.1
0.3.0
0.3.1
0.4.0
0.4.1
0.4.2
0.5.0
0.6.0
0.7
0.8
0.9
0.9.1

1.*

1.0
1.2
1.3
1.3.1
1.4
1.4.1
1.4.2
1.5.0