CVE-2024-33663

MEDIUM

python-jose < 3.3.0 - Algorithm Confusion with OpenSSH ECDSA Keys

Title source: llm
STIX 2.1

Description

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

References (2)

Core 2
Core References
Exploit, Issue Tracking, Vendor Advisory
https://github.com/mpdavis/python-jose/issues/346

Scores

CVSS v3 6.5
EPSS 0.0031
EPSS Percentile 22.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-327
Status published
Products (2)
pypi/python-jose 0 - 3.4.0PyPI
python-jose_project/python-jose < 3.3.0
Published Apr 26, 2024
Tracked Since Feb 18, 2026