Algorithm Confusion in python-jose Could Affect OpenSSH ECDSA Keys and Other Key Formats
CVE-2024-33663

Currently unrated

Key Information:

Vendor
python-jose
Vendor
CVE Published:
26 April 2024

Summary

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

References

https://github.com/mpdavis/python-jose/issues/346

Timeline

  • Vulnerability published

.