python-jose

algorithm confusion issue

Open prasadayush opened this issue 11 months ago • 1 comments

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Below are the risk factors associated with this issue - Critical severity, Package in use

Vulnerability link - https://nvd.nist.gov/vuln/detail/CVE-2024-33663

prasadayush, Jan 30 '25 08:01

I recommend updating to the latest version of python-jose, as this vulnerability was addressed in issue #346 and fixed in #369.

KishinNext, Feb 22 '25 18:02
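For services that cannot upgrade immediately, the class of bug reported in this issue can be guarded against at the call site. The following is an added example, not code from python-jose or from either poster: a standard-library-only HS256 verifier that pins the algorithm to the configured key and refuses PEM or OpenSSH public keys as HMAC secrets. The function names, the marker list and the sample keys are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# Prefixes that indicate asymmetric key material. Constructed, heuristic list
# for this example; it is not python-jose's own check.
ASYMMETRIC_MARKERS = (b"-----BEGIN ", b"ssh-", b"ecdsa-sha2-", b"sk-ssh-", b"sk-ecdsa-")

def b64url_decode(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def require_symmetric_secret(key: bytes) -> bytes:
    """Refuse HMAC keys that look like a PEM or OpenSSH public key."""
    stripped = key.lstrip()
    if any(stripped.startswith(marker) for marker in ASYMMETRIC_MARKERS):
        raise ValueError("asymmetric key material must not be used as an HMAC secret")
    return key

def sign_hs256(payload: dict, secret: bytes) -> str:
    """Issue an HS256 token (used here only to build a sample token)."""
    parts = ({"alg": "HS256", "typ": "JWT"}, payload)
    signing_input = ".".join(
        b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in parts)
    mac = hmac.new(require_symmetric_secret(secret), signing_input.encode(), hashlib.sha256)
    return signing_input + "." + b64url_encode(mac.digest())

def verify(token: str, key: bytes, pinned_alg: str) -> dict:
    """Verify with the algorithm the service pinned for this key, never the header's."""
    head_b64, body_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(head_b64))
    if header.get("alg") != pinned_alg:
        raise ValueError("token alg does not match the algorithm pinned for this key")
    if pinned_alg != "HS256":
        raise NotImplementedError("only the HS256 path is shown in this example")
    mac = hmac.new(require_symmetric_secret(key), f"{head_b64}.{body_b64}".encode(), hashlib.sha256)
    if not hmac.compare_digest(mac.digest(), b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body_b64))
```

The prefix check is a heuristic backstop; the pinned-algorithm comparison is the control that removes the confusion, because the token header no longer decides how the key is interpreted.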