CVE-2024-33663

MEDIUM

Python-jose < 3.3.0 - Broken Cryptographic Algorithm

Title source: rule
STIX 2.1

Description

python-jose through 3.3.0 has algorithm confusion with OpenSSH ECDSA keys and other key formats. This is similar to CVE-2022-29217.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0068
EPSS Percentile 71.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-327
Status published
Products (2)
pypi/python-jose 0 - 3.4.0PyPI
python-jose_project/python-jose < 3.3.0
Published Apr 26, 2024
Tracked Since Feb 18, 2026