An update for python-jwcrypto is now available for openEuler-22.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2024-1195 Final 1.0 1.0 2024-02-23 Initial 2024-02-23 2024-02-23 openEuler SA Tool V1.0 2024-02-23 python-jwcrypto security update An update for python-jwcrypto is now available for openEuler-22.03-LTS-SP1. Implements JWK, JWS, JWE specifications with python-cryptography Security Fix(es): A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.(CVE-2023-6681) An update for python-jwcrypto is now available for openEuler-22.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium python-jwcrypto https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1195 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-6681 https://nvd.nist.gov/vuln/detail/CVE-2023-6681 openEuler-22.03-LTS-SP1 python3-jwcrypto-1.4.2-2.oe2203sp1.noarch.rpm python-jwcrypto-1.4.2-2.oe2203sp1.src.rpm A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack. 2024-02-23 CVE-2023-6681 openEuler-22.03-LTS-SP1 Medium 5.3 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L python-jwcrypto security update 2024-02-23 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1195