SUSE Package Hub - openSUSE-2026-130

Update Info

openSUSE-2026-130

Security update for python-jwcrypto

Type: security

Severity: important

Issued: 2026-04-16

Description:

This update for python-jwcrypto fixes the following issues:

- CVE-2022-3102: jwcrypto token substitution can lead to authentication bypass (boo#1209496)
- CVE-2023-6681: denial of service Via specifically crafted JWE (boo#1219837)
- CVE-2024-28102: malicious JWE token can cause denial of service (boo#1221230)
- CVE-2026-39373: Memory exhaustion via crafted compressed JWE tokens (boo#1261802)

References

CVE: CVE-2026-39373
CVE: CVE-2024-28102
CVE: CVE-2023-6681
CVE: CVE-2022-3102
Bugzilla: 1261802 VUL-0: CVE-2026-39373: python-jwcrypto: Memory exhaustion via crafted compressed JWE tokens
Bugzilla: 1221230 VUL-0: CVE-2024-28102: python-jwcrypto: malicious JWE token can cause denial of service
Bugzilla: 1219837 VUL-0: CVE-2023-6681: python-jwcrypto: denial of service Via specifically crafted JWE
Bugzilla: 1209496 VUL-0: CVE-2022-3102: python-jwcrypto: jwcrypto token substitution can lead to authentication bypass

Packages

python-jwcrypto-0.7-bp156.4.3.1