Amazon Linux 2 — python-jwcrypto — multiple vulnerabilities (3 CVEs) — patch and remediation guide
🟠 High ⏱ 15–60 min Last verified: 25 May 2026 Affected versions: Amazon Linux 2 📖 ~4 min read • Source: Amazon Linux advisory ALAS2-2026-3254 Related CVEs: CVE-2024-28102 CVE-2026-39373 CVE-2023-6681 Upstream summary: JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to 1.5.7, an unauthenticated attacker can exhaust server memory by sending crafted […]