Closed somurzakov-rbx closed 4 weeks ago
Related issue in python-jose: https://github.com/mpdavis/python-jose/issues/341
python-jose[cryptography] or not use python-jose at all. python-jose[cryptography] will, however, still install ecdsa but will not use it. This should be fixed by #403. Please submit a new issue referencing this one if this is still a problem.
https://security.snyk.io/vuln/SNYK-PYTHON-ECDSA-6184115
https://nvd.nist.gov/vuln/detail/CVE-2024-23342
Okta is using python-jose library, which in turn is using ecdsa library. ecdsa package has CVE-2024-23342 and currently has no version that fixes this vuln. Is Okta planning to close this vuln, by removing ecdsa dependency for different library? Thanks
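
An added example, not part of the issue thread or of either project's code: a standard-library audit that lists which installed distributions declare a requirement on `ecdsa`, and whether that requirement is unconditional or only pulled in by an extra. The function names and the `SAMPLE` metadata are constructed for illustration, modelled on the dependency chain described in the issue.

```python
import re
from importlib import metadata

_REQ_NAME = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


def _norm(name):
    # PEP 503 name normalisation, so "Python_Jose" == "python-jose"
    return re.sub(r"[-_.]+", "-", name).lower()


def dependents_of(target, dists):
    """Map each distribution requiring `target` to 'always' or 'extra-only'.

    dists: iterable of (distribution name, list of requirement strings).
    'always' means the requirement is not gated on an extra.
    """
    target = _norm(target)
    found = {}
    for dist_name, requires in dists:
        for req in requires or []:
            m = _REQ_NAME.match(req)
            if not m or _norm(m.group(1)) != target:
                continue
            marker = req.partition(";")[2]
            kind = "extra-only" if "extra" in marker else "always"
            if found.get(dist_name) != "always":
                found[dist_name] = kind
    return found


def installed_dists():
    # Requirement metadata of everything installed in the current environment
    for dist in metadata.distributions():
        name = dist.metadata["Name"]
        if name:
            yield name, dist.requires


# Constructed sample metadata modelled on the chain described in the issue
SAMPLE = [
    ("okta", ["python-jose", "aiohttp"]),
    ("python-jose", ["ecdsa!=0.15", "rsa", 'cryptography>=3.4.0; extra == "cryptography"']),
    ("example-pkg", ['ecdsa; extra == "signing"']),
]

if __name__ == "__main__":
    print("sample:   ", dependents_of("ecdsa", SAMPLE))
    print("installed:", dependents_of("ecdsa", installed_dists()))
```

Run inside the virtual environment being audited; an `always` entry means the package will be installed regardless of which extras were selected.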