PyPi: Python-Jose

CVE-2024-33663

Safety vulnerability ID: 70715

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 26, 2024 Updated at Sep 08, 2024

Scan your Python projects for vulnerabilities →

Advisory

Affected versions of Python-jose have a algorithm confusion vulnerability with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Affected package

python-jose

Latest version: 3.3.0

JOSE implementation in Python

Affected versions

Fixed versions

Vulnerability changelog

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217. See CVE-2024-33663.

MISC:https://github.com/mpdavis/python-jose/issues/346: https://github.com/mpdavis/python-jose/issues/346

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application