Critical severity · NVD Advisory · Published Apr 25, 2024 · Updated Sep 3, 2024
CVE-2024-33663
Description
python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| python-jose (PyPI) | < 3.4.0 | 3.4.0 |
Affected products (6)
- python-jose/python-jose (description)
- osv-coords (5 versions):
- pkg:apk/chainguard/awx
- pkg:pypi/python-jose
- pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Tumbleweed
- pkg:rpm/opensuse/python-python-jose&distro=openSUSE%20Leap%2015.5
- pkg:rpm/suse/python-python-jose&distro=SUSE%20Package%20Hub%2015%20SP5
- (no CPE) range: < 24.6.1-r19
- (no CPE) range: < 3.4.0
- (no CPE) range: < 3.3.0-3.1
- (no CPE) range: < 3.0.1-bp155.3.3.1
- (no CPE) range: < 3.0.1-bp155.3.3.1
References (5)
- github.com/advisories/GHSA-6c5p-j8vq-pqhj (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-33663 (ghsa, ADVISORY)
- github.com/mpdavis/python-jose/issues/346 (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/python-jose/PYSEC-2024-232.yaml (ghsa, WEB)
- www.vicarius.io/vsociety/posts/algorithm-confusion-in-python-jose-cve-2024-33663 (ghsa, WEB)