Hi @tokusumi @jleclanche @garyd203 @justinrmiller @sindrig @discdiver @jurasofish
when using this great repo for authentication (in our case Cognito authentication), we get the following error in Trivy:

```
┌────────────────────────┬────────────────┬──────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│        Library         │ Vulnerability  │ Severity │  Status  │ Installed Version │ Fixed Version │                            Title                             │
├────────────────────────┼────────────────┼──────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ python-jose (METADATA) │ CVE-2024-33663 │ CRITICAL │ affected │ 3.3.0             │               │ python-jose: algorithm confusion with OpenSSH ECDSA keys and │
│                        │                │          │          │                   │               │ other key formats                                            │
│                        │                │          │          │                   │               │ https://avd.aquasec.com/nvd/cve-2024-33663                   │
└────────────────────────┴────────────────┴──────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
```

This error seems to be quite severe and it stems from python-jose.
Could you perhaps replace python-jose with PyJWT and authlib?