python-jose is vulnerable to Improper Signature Validation. This vulnerability is due to improper verification of OpenSSH ECDSA keys along with other key formats, allowing attackers to bypass security measures or manipulate cryptographic functions by submitting crafted signatures with a specific signature algorithm header. To mitigate the vulnerability, ensure the algorithm parameter is set when calling the decode()
function.
CPE | Name | Operator | Version |
---|---|---|---|
python-jose | le | 3.3.0 | |
python-jose | le | 3.3.0 |