python-jose icon indicating copy to clipboard operation
python-jose copied to clipboard
verified publisher icon mpdavis

CVE-2024-23342, High level vulnerability

Open navya-sriv opened this issue 2 months ago • 1 comments

Hey guys, python-jose is affected by CVE-2024-23342 through its ecdsa dependency. The vulnerability stems from insufficient validation in ECDSA key handling, which could potentially allow signature forgery. Could you please take a look and see if there’s a way to address this?

navya-sriv avatar Oct 06 '25 08:10 navya-sriv

Is there anything regarding this issue?

SerbanTudor04 avatar Nov 18 '25 15:11 SerbanTudor04