jwcrypto@0.2.0 vulnerabilities

Implementation of JOSE Web standards

Direct Vulnerabilities

Known vulnerabilities in the jwcrypto package. This does not include vulnerabilities belonging to this package’s dependencies.

Each entry below lists the vulnerability, its severity, and the vulnerable version range.

Severity: M (Medium)
Allocation of Resources Without Limits or Throttling

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling because the PBES2 Count value used by the PBKDF2 algorithm is not bounded. An attacker can cause a denial of service by supplying a very large PBES2 Count value, which forces excessive computation during key derivation. This is only exploitable if the application allows the PBKDF2 algorithm to be used.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade jwcrypto to version 1.5.1 or higher.

Vulnerable versions: [,1.5.1)

Severity: H (High)
Authentication Bypass

Affected versions of this package are vulnerable to Authentication Bypass because the library auto-detects the type of the token it is given. This can lead the application to draw incorrect conclusions about the trustworthiness of the token.

How to fix Authentication Bypass?

Upgrade jwcrypto to version 1.4 or higher.

Vulnerable versions: [,1.4)
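The two defensive checks that follow from the entries above (refusing a token whose structural type differs from what the caller expects instead of letting the library auto-detect it, and bounding the PBES2 iteration count before any key derivation runs) as an added, stdlib-only pre-flight example. This is not jwcrypto's code and does not call the library; it only inspects the compact serialization and the protected header, which is what an application can do in front of any JOSE library. The limit MAX_PBES2_COUNT is an assumed policy value, and the sample tokens are constructed: their headers are real JSON, but the remaining segments are dummy bytes, so nothing is decrypted or verified.

```python
import base64
import json

# Assumed policy value: the largest PBES2 iteration count (p2c) we will process.
# Not taken from the advisory or from jwcrypto.
MAX_PBES2_COUNT = 100_000

# Compact serialization: a JWS has 3 dot-separated segments, a JWE has 5.
_SEGMENTS_TO_TYPE = {3: "JWS", 5: "JWE"}


def _b64url_decode(segment: str) -> bytes:
    # JOSE base64url omits '=' padding; restore it before decoding.
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def detect_type(token: str) -> str:
    """Return 'JWS' or 'JWE' based purely on the segment count."""
    parts = token.split(".")
    if len(parts) not in _SEGMENTS_TO_TYPE:
        raise ValueError(f"not a compact JOSE token: {len(parts)} segments")
    return _SEGMENTS_TO_TYPE[len(parts)]


def protected_header(token: str) -> dict:
    """Decode the first segment (the protected header) as a JSON object."""
    header = json.loads(_b64url_decode(token.split(".")[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def check_token(token: str, expected_type: str, max_p2c: int = MAX_PBES2_COUNT) -> dict:
    """Pre-flight checks to run before handing a token to the JOSE library.

    1. Reject a token whose structural type differs from what the caller
       expects, so the library never gets to auto-detect it.
    2. Reject PBES2 key wrapping whose iteration count exceeds max_p2c,
       so an attacker-chosen p2c cannot burn unbounded CPU.
    Returns the parsed protected header when both checks pass.
    """
    actual = detect_type(token)
    if actual != expected_type:
        raise ValueError(f"expected {expected_type}, got {actual}")
    header = protected_header(token)
    alg = header.get("alg", "")
    if isinstance(alg, str) and alg.startswith("PBES2"):
        p2c = header.get("p2c")
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
            raise ValueError("PBES2 token missing a valid p2c")
        if p2c > max_p2c:
            raise ValueError(f"p2c {p2c} exceeds limit {max_p2c}")
    return header


def is_acceptable(token: str, expected_type: str, max_p2c: int = MAX_PBES2_COUNT) -> bool:
    """Boolean wrapper: True only if every pre-flight check passes."""
    try:
        check_token(token, expected_type, max_p2c)
        return True
    except ValueError:
        return False


def _make_token(header: dict, n_segments: int) -> str:
    """Constructed sample: a genuine protected header followed by dummy
    segments. The signature/ciphertext bytes are placeholders only."""
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return ".".join([h] + ["AA"] * (n_segments - 1))


# Constructed sample tokens (headers only are meaningful).
SAMPLE_JWS = _make_token({"alg": "HS256", "typ": "JWT"}, 3)
SAMPLE_JWE_OK = _make_token(
    {"alg": "PBES2-HS256+A128KW", "enc": "A128CBC-HS256", "p2s": "c2FsdA", "p2c": 4096}, 5)
SAMPLE_JWE_HUGE = _make_token(
    {"alg": "PBES2-HS256+A128KW", "enc": "A128CBC-HS256", "p2s": "c2FsdA", "p2c": 2_000_000_000}, 5)


if __name__ == "__main__":
    for name, tok, want in [("jws-as-jws", SAMPLE_JWS, "JWS"),
                            ("jws-as-jwe", SAMPLE_JWS, "JWE"),
                            ("jwe-ok", SAMPLE_JWE_OK, "JWE"),
                            ("jwe-huge-p2c", SAMPLE_JWE_HUGE, "JWE")]:
        print(f"{name:14s} expected={want} accepted={is_acceptable(tok, want)}")
```

The type check is deliberately done on the serialization shape rather than on any header claim, because the header is attacker-controlled; the p2c bound is enforced before the library is invoked, which is the only point at which the cost of PBKDF2 can still be refused.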
Severity: M (Medium)
Information Exposure

jwcrypto is an implementation of JOSE Web standards. The Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py, in jwcrypto before 0.3.2, lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

Vulnerable versions: [,0.3.2)