Workflow

PyPi: Fastapi-Azure-Auth

CVE-2024-33663

Transitive

Safety vulnerability ID: 71284

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 26, 2024 Updated at Sep 08, 2024
Scan your Python projects for vulnerabilities →

Advisory

Fastapi-azure-auth version 4.4.0 migrates from python-jose to PyJWT due to the security vulnerability identified as CVE-2024-33663.

Affected package

fastapi-azure-auth

Latest version: 5.0.1

Easy and secure implementation of Azure AD for your FastAPI APIs

Affected versions

Fixed versions

Vulnerability changelog

What's Changed
* Migrate from python-jose to PyJWT by dvdalilue in https://github.com/Intility/fastapi-azure-auth/pull/194
- This resolves [GHSA-6c5p-j8vq-pqhj](https://github.com/advisories/GHSA-6c5p-j8vq-pqhj), thank you so much dvdalilue.

Other
* chore(deps): bump actions/cache from 4.0.1 to 4.0.2 by dependabot in https://github.com/Intility/fastapi-azure-auth/pull/190
* chore(deps): bump peaceiris/actions-gh-pages from 3 to 4 by dependabot in https://github.com/Intility/fastapi-azure-auth/pull/193

New Contributors
* dvdalilue made their first contribution in https://github.com/Intility/fastapi-azure-auth/pull/194

**Full Changelog**: https://github.com/Intility/fastapi-azure-auth/compare/4.3.1...4.4.0

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application