GHSA-6c5p-j8vq-pqhj

Опубликовано: 26 апр. 2024

Источник: github

Github: Прошло ревью

CVSS4: 9.3

CVSS3: 7.4

Описание

python-jose algorithm confusion with OpenSSH ECDSA keys

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Ссылки

Пакеты

Наименование

python-jose

pip

Затронутые версииВерсия исправления

< 3.4.0

3.4.0

EPSS

Процентиль: 24%

0.00076

Низкий

9.3 Critical

CVSS4

7.4 High

CVSS3

CVE ID

CVE-2024-33663

Дефекты

CWE-327

Связанные уязвимости

CVE-2024-33663

CVSS3: 6.5

ubuntu

около 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

CVE-2024-33663

redhat

около 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

CVE-2024-33663

CVSS3: 6.5

nvd

около 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

CVE-2024-33663

CVSS3: 6.5

debian

около 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...

openSUSE-SU-2024:0118-1

suse-cvrf

около 1 года назад

Security update for python-python-jose

EPSS

Процентиль: 24%

0.00076

Низкий

9.3 Critical

CVSS4

7.4 High

CVSS3

CVE ID

CVE-2024-33663

Дефекты

CWE-327