openSUSE-SU-2026:20644-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2026:20644-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/openSUSE-SU-2026:20644-1
- Upstream
- Related
- Published
- 2026-04-29T08:15:26Z
- Modified
- 2026-05-01T18:29:50.279480Z
- Summary
- Security update for python-jwcrypto
- Details
-
This update for python-jwcrypto fixes the following issues:
- CVE-2026-39373: weak mitigation for JWT bomb attack in the
deserializefunction can lead to memory exhaustion via crafted compressed JWE tokens (bsc#1261802).
- CVE-2026-39373: weak mitigation for JWT bomb attack in the
- References