{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T22:29:05.227","vulnerabilities":[{"cve":{"id":"CVE-2024-28102","sourceIdentifier":"security-advisories@github.com","published":"2024-03-21T02:52:23.513","lastModified":"2025-12-22T16:09:47.343","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length."},{"lang":"es","value":"JWCrypto implementa las especificaciones JWK, JWS y JWE utilizando criptografía Python. Antes de la versión 1.5.6, un atacante podía provocar un ataque de denegación de servicio al pasar un token JWE malicioso con una alta tasa de compresión. Cuando el servidor procese este token, consumirá mucha memoria y tiempo de procesamiento. La versión 1.5.6 corrige esta vulnerabilidad limitando la longitud máxima del token."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H","baseScore":6.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.3,"impactScore":4.0}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:latchset:jwcrypto:*:*:*:*:*:*:*:*","versionEndExcluding":"1.5.6","matchCriteriaId":"E81FD736-42B4-4716-9C91-587FAC88E6B4"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*","matchCriteriaId":"FA6FEEC2-9F11-4643-8827-749718254FED"}]}]}],"references":[{"url":"https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Vendor Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2024/09/msg00026.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Mailing List"]},{"url":"https://www.vicarius.io/vsociety/posts/denial-of-service-vulnerability-discovered-in-jwcrypto-cve-2024-28102-28103","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Press/Media Coverage","Technical Description"]}]}}]}