CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

93 matches found

CVE•added 2024/04/25 12:0 a.m.•149 views

CVE-2024-33663

CVE-2024-33663 concerns python-jose up to version 3.3.0, where an algorithm confusion occurs between OpenSSH ECDSA keys and other key formats. The issue, described across multiple feeds (CNNVD, Debian tracker, CVE lists), is analogous to CVE-2022-29217 and is framed as a key-format/algorithm conf...

6.5CVSS7.3AI score0.00307EPSS

Exploits1References2Affected Software1

vulnersOsv•added 2022/05/17 3:2 a.m.•3 views

datawire-cloudtools (=0.2.6) potentially affected by CVE-2016-7036 via python-jose (=0.5.5)

python-jose PYPI version =0.5.5 is affected by a known vulnerability. The following packages have a transitive dependency on python-jose and may be impacted: - datawire-cloudtools =0.2.6 Source cves: CVE-2016-7036 Source advisory: OSV:GHSA-W799-PRG3-CX77...

9.8CVSS7.2AI score0.02094EPSS

Exploits0

Github Security Blog•added 2022/05/17 3:2 a.m.•23 views

python-jose failure to use a constant time comparison for HMAC keys

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...

9.8CVSS7.2AI score0.02094EPSS

Exploits0References7Affected Software1

OSV•added 2022/05/17 3:2 a.m.•11 views

GHSA-W799-PRG3-CX77 python-jose failure to use a constant time comparison for HMAC keys

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys...

9.8CVSS9.6AI score0.02094EPSS

Exploits0References7

CNVD•added 2017/02/08 12:0 a.m.•1 views

Unspecified vulnerability in python-jose

python-jose is an implementation of object signing and encryption. A security vulnerability exists in python-jose 1.3.1 and earlier versions; detailed vulnerability information is not currently available...

9.8CVSS9AI score0.02094EPSS

Exploits0References1

Veracode•added 2017/01/24 2:22 a.m.•18 views

Timing Attack Via Authentication

python-jose is vulnerable to timing attacks. The vulnerability is possible because it has a flaw in verification function which allows a constant time comparison for HMAC keys...

9.8CVSS9.1AI score0.02094EPSS

Exploits0References1Affected Software1