CVE-2024-33663

Опубликовано: 26 апр. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

Ссылки

https://github.com/mpdavis/python-jose/issues/346
Exploit
Issue Tracking
Vendor Advisory
https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663
Exploit
Mitigation
Third Party Advisory
https://github.com/mpdavis/python-jose/issues/346
Exploit
Issue Tracking
Vendor Advisory
https://www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:python-jose_project:python-jose:*:*:*:*:*:*:*:*

Версия до 3.3.0 (включая)

EPSS

Процентиль: 71%

0.00684

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-327

Связанные уязвимости

CVE-2024-33663

CVSS3: 6.5

ubuntu

больше 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

CVE-2024-33663

redhat

больше 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

CVE-2024-33663

CVSS3: 6.5

debian

больше 1 года назад

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA k ...

openSUSE-SU-2024:0118-1

suse-cvrf

больше 1 года назад

Security update for python-python-jose

GHSA-6c5p-j8vq-pqhj

CVSS3: 7.4

github

больше 1 года назад

python-jose algorithm confusion with OpenSSH ECDSA keys

EPSS

Процентиль: 71%

0.00684

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-327