SOLVED: CVE-2024-23342 ecdsa may be vulnerable to the Minerva attack #178
Comments
We already use However, Python-Jose seems to be pretty unmaintained, which raises an argument to switch to PyJWT. I'll close this issue, but this discussion can be continued if we/anyone see a need to migrate.
Pinning, since I keep getting emails about this.
Seems we have a dependency with a security flaw https://www.cve.org/CVERecord?id=CVE-2024-23342. Did anyone assess the risk associated with using the fastapi-azure-auth library with this dependency? According to the maintainer it's a "wontfix" tlsfuzzer/python-ecdsa#330 (comment) so if it is unsafe we should probably switch to a non-pure python implementation of string comparisons.