CVE-2023-6681
Aliases:GHSA-cw2r-4p82-qv79PYSEC-2024-104
Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 12 Feb 2024, 14:04
Last modified:26 Feb 2026, 20:34
Vulnerability Summary
Overall Risk (default)
low
21/100 CVSS Score
5.3 MEDIUM
v3.1 (cve.org)
EPSS Score
0.03% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
12 Feb 2024, 14:04
Published
Vulnerability first disclosed
26 Feb 2026, 20:34
Last Modified
Vulnerability information updated
Description
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
CVSS Metrics
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Trends
Current EPSS score: 0.03%• Percentile: 9%
Techniques & Countermeasures
- CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
Affected Systems
- fedoraproject•fedora
38 | 39
- latchset•jwcrypto
< 1.5.1
- PyPI•jwcrypto
< 1.5.1
- redhat•enterprise_linux
8.0 | 9.0
- redhat•enterprise_linux_for_arm_64
8.0
- redhat•enterprise_linux_for_ibm_z_systems
8.0
- redhat•enterprise_linux_for_power_little_endian
8.0
References (9)
- https://access.redhat.com/errata/RHSA-2024:3267
- https://access.redhat.com/errata/RHSA-2024:9281
- https://access.redhat.com/security/cve/CVE-2023-6681
- https://bugzilla.redhat.com/show_bug.cgi?id=2260843
- https://github.com/latchset/jwcrypto/security/advisories/GHSA-cw2r-4p82-qv79
- https://nvd.nist.gov/vuln/detail/CVE-2023-6681
- https://github.com/latchset/jwcrypto/commit/d2655d370586cb830e49acfb450f87598da60be8
- https://github.com/latchset/jwcrypto
- https://github.com/pypa/advisory-database/tree/main/vulns/jwcrypto/PYSEC-2024-104.yaml