PyPi: Descope

CVE-2022-3602

Transitive

Safety vulnerability ID: 52092

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Nov 01, 2022 Updated at Apr 08, 2024

Advisory

Descope 0.3.0 updates its dependency 'cryptography' to v38.0.3 to include a security fix.

Affected package

descope

Latest version: 1.6.5

Descope Python SDK

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Change exchange to POST by dorsha in https://github.com/descope/python-sdk/pull/63
* Change access key and refresh session to POST by dorsha in https://github.com/descope/python-sdk/pull/64
* 1. adjust email_validator for the new version (disable call for dns q… by guyp-descope in https://github.com/descope/python-sdk/pull/65
* fix: use cov xml file for result by omercnet in https://github.com/descope/python-sdk/pull/62
* chore(deps): update dependency black to v22.10.0 by descope in https://github.com/descope/python-sdk/pull/67
* Extend API to support custom claims by aviadl in https://github.com/descope/python-sdk/pull/68
* Change SAML start to be post by dorsha in https://github.com/descope/python-sdk/pull/70
* Change oauth authorize to be post by dorsha in https://github.com/descope/python-sdk/pull/71
* Fix oauth/saml start to be POST with query params by dorsha in https://github.com/descope/python-sdk/pull/72
* Add useful headers by dorsha in https://github.com/descope/python-sdk/pull/73
* Stepup take 2 by aviadl in https://github.com/descope/python-sdk/pull/74
* Adjust jwt response for access key with authz by guyp-descope in https://github.com/descope/python-sdk/pull/75
* fix(deps): update dependency cryptography to v38.0.3 [security] by descope in https://github.com/descope/python-sdk/pull/76
* fix(deps): update dependency pyjwt to v2.6.0 by descope in https://github.com/descope/python-sdk/pull/77
* chore(deps): update dependency pytest-cov to v4 by descope in https://github.com/descope/python-sdk/pull/69
* chore(deps): update dependency pytest to v7.2.0 by descope in https://github.com/descope/python-sdk/pull/79
* Add webauthn SignUpOrIn function by shilgapira in https://github.com/descope/python-sdk/pull/80
* Have both logout and logout_all as options by slavikm in https://github.com/descope/python-sdk/pull/81
* Add MFA support by aviadl in https://github.com/descope/python-sdk/pull/82
* chore(deps): update dependency liccheck to v0.7.3 by descope in https://github.com/descope/python-sdk/pull/83
* Management by itaihanski in https://github.com/descope/python-sdk/pull/84
* Add issuer support as url by dorsha in https://github.com/descope/python-sdk/pull/85
* Get management key from env var or config params by shilgapira in https://github.com/descope/python-sdk/pull/87
* Enchanted link support by aviadl in https://github.com/descope/python-sdk/pull/86
* Ensure management key is set before passing calls to management APIs by shilgapira in https://github.com/descope/python-sdk/pull/90
* Set localhost as default base_url (instead of prod link) by guyp-descope in https://github.com/descope/python-sdk/pull/88
* update poetry lockfile by omercnet in https://github.com/descope/python-sdk/pull/89

New Contributors
* itaihanski made their first contribution in https://github.com/descope/python-sdk/pull/84

**Full Changelog**: https://github.com/descope/python-sdk/compare/0.2.0...0.3.0

Resources


Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality Impact (C): NONE
Integrity Impact (I): NONE
Availability Impact (A): HIGH