Red Hat Security Advisory: python-jwcrypto security update
A vulnerability in the python-jwcrypto package used in Red Hat Enterprise Linux 9 allows a malicious JSON Web Encryption (JWE) token to cause a denial of service condition. This issue is tracked as CVE-2024-28102 and is categorized under CWE-400 (Uncontrolled Resource Consumption). Red Hat has released an updated python-jwcrypto package to address this vulnerability. The severity is assessed as medium based on the advisory. No known exploits are reported in the wild. Users of affected Red Hat Enterprise Linux 9 versions should apply the provided security update to remediate the issue.
AI Analysis
Technical Summary
The python-jwcrypto package, which implements JOSE standards including JSON Web Key, Signature, Encryption, and Token, contains a vulnerability (CVE-2024-28102) where processing a malicious JWE token can lead to denial of service. This is due to uncontrolled resource consumption (CWE-400). The issue affects multiple Red Hat Enterprise Linux 9 variants and has been addressed by Red Hat in advisory RHSA-2024:2559 through updated package versions. The vulnerability does not have a CVSS score but is rated moderate by Red Hat.
Potential Impact
Successful exploitation of this vulnerability can cause denial of service by resource exhaustion when processing malicious JWE tokens. This could disrupt applications relying on python-jwcrypto for JOSE operations, potentially impacting availability. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Red Hat has released updated python-jwcrypto packages for Red Hat Enterprise Linux 9 to fix this vulnerability. Users should apply these official updates as detailed in Red Hat advisory RHSA-2024:2559. Ensure all prior relevant errata are applied before updating. No additional mitigation steps are indicated by the vendor.
Red Hat Security Advisory: python-jwcrypto security update
Description
A vulnerability in the python-jwcrypto package used in Red Hat Enterprise Linux 9 allows a malicious JSON Web Encryption (JWE) token to cause a denial of service condition. This issue is tracked as CVE-2024-28102 and is categorized under CWE-400 (Uncontrolled Resource Consumption). Red Hat has released an updated python-jwcrypto package to address this vulnerability. The severity is assessed as medium based on the advisory. No known exploits are reported in the wild. Users of affected Red Hat Enterprise Linux 9 versions should apply the provided security update to remediate the issue.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The python-jwcrypto package, which implements JOSE standards including JSON Web Key, Signature, Encryption, and Token, contains a vulnerability (CVE-2024-28102) where processing a malicious JWE token can lead to denial of service. This is due to uncontrolled resource consumption (CWE-400). The issue affects multiple Red Hat Enterprise Linux 9 variants and has been addressed by Red Hat in advisory RHSA-2024:2559 through updated package versions. The vulnerability does not have a CVSS score but is rated moderate by Red Hat.
Potential Impact
Successful exploitation of this vulnerability can cause denial of service by resource exhaustion when processing malicious JWE tokens. This could disrupt applications relying on python-jwcrypto for JOSE operations, potentially impacting availability. There are no reports of active exploitation in the wild.
Mitigation Recommendations
Red Hat has released updated python-jwcrypto packages for Red Hat Enterprise Linux 9 to fix this vulnerability. Users should apply these official updates as detailed in Red Hat advisory RHSA-2024:2559. Ensure all prior relevant errata are applied before updating. No additional mitigation steps are indicated by the vendor.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2024:2559
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4ea2e29bf47b50088741
Added to database: 6/2/2026, 9:44:02 PM
Last enriched: 6/2/2026, 10:29:17 PM
Last updated: 6/3/2026, 5:04:42 AM
Views: 4
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.