Lucene search
Veracode Vulnerability DatabaseVERACODE:46664HistoryApr 29, 2024 - 6:33 a.m.
Improper Signature Validation
2024-04-2906:33:23
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
vulnerability
improper verification
openssh ecdsa keys
security measures
cryptographic functions
crafted signatures
algorithm parameter
python-jose is vulnerable to Improper Signature Validation. This vulnerability is due to improper verification of OpenSSH ECDSA keys along with other key formats, allowing attackers to bypass security measures or manipulate cryptographic functions by submitting crafted signatures with a specific signature algorithm header. To mitigate the vulnerability, ensure the algorithm parameter is set when calling the decode() function.
| CPE | Name | Operator | Version |
|---|---|---|---|
| python-jose | le | 3.3.0 | |
| python-jose | le | 3.3.0 |
Related
openvas
openvas
openSUSE: Security Advisory for python (openSUSE-SU-2024:0118-1)
2024-05-08 00:00:00
debiancve
debiancve
CVE-2024-33663
2024-04-26 00:15:09
ubuntucve
ubuntucve
CVE-2024-33663
2024-04-26 00:00:00
github
github
python-jose algorithm confusion with OpenSSH ECDSA keys
2024-04-26 00:30:35
cvelist
cvelist
CVE-2024-33663
2024-04-25 00:00:00
cve
cve
CVE-2024-33663
2024-04-26 00:15:09
nessus
nessus
openSUSE 15 Security Update : python-python-jose (openSUSE-SU-2024:0118-1)
2024-05-08 00:00:00
osv
osv
python-jose algorithm confusion with OpenSSH ECDSA keys
2024-04-26 00:30:35
CVE-2024-33663
2024-04-26 00:15:09
redhatcve
redhatcve
CVE-2024-33663
2024-04-26 06:04:23