python-jose

python-jose copied to clipboard

CVE-2024-23342, High level vulnerability

1

Hey guys, python-jose is affected by CVE-2024-23342 through its ecdsa dependency. The vulnerability stems from insufficient validation in ECDSA key handling, which could potentially allow signature forgery. Could you please...

navya-sriv

JWT `aud` validation raises "Invalid audience" for `audience=None`

1

### Description > **With python-Jose `3.5.0` run on Python `3.12.3`** When calling [`_validate_aud`](https://github.com/mpdavis/python-jose/blob/master/jose/jwt.py#L334) at `jose/jwt.py` passing the following arguments: - `claims` param receiving an instance of Mapping[str,Any] with a key...

temple

It used to fail with TypeError: curve must be an EllipticCurve instance I copied the fix from https://github.com/web-push-libs/pywebpush/issues/159.

dotlambda