getting-started-python

Replace python-jose dependency

Open Jipje opened this issue 1 year ago • 2 comments

A vulnerability has been found in the ecdsa dependency which will not be patched in the python-jose package. python-jose seems to be abandoned. Other people are also encountering these security issues.

I suggest updating authenticating-users/main.py to not use this insecure package. A commonly used alternative is PyJWT.

Jipje, May 02 '24 09:05

Further searching also shows that GoogleCloudPlatform/python-docs-samples/iap/validate_jwt.py could contain a potential solution.

Jipje, May 02 '24 09:05
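The replacement suggested above, sketched as an added example (not code from the repository or from either commenter): verifying an ES256-signed assertion with PyJWT instead of python-jose. It assumes the token carries a `kid` header; the audience, issuer, key id and the helper names `verify_assertion`, `pem_pair` and `make_token` are assumptions made for the illustration, and the key pair is generated locally so the check runs offline.

```python
import time

import jwt  # PyJWT, installed with the "crypto" extra for ES256 support
from cryptography.hazmat.primitives import serialization as ser
from cryptography.hazmat.primitives.asymmetric import ec

# Assumed values for the illustration; use the ones for your own deployment.
AUDIENCE = "/projects/000000000000/apps/example-project"
ISSUER = "https://cloud.google.com/iap"


def verify_assertion(token, public_keys, audience=AUDIENCE):
    """Return verified claims or raise jwt.InvalidTokenError.

    public_keys maps key id -> PEM public key, fetched out of band.
    """
    kid = jwt.get_unverified_header(token).get("kid")
    if kid not in public_keys:
        raise jwt.InvalidTokenError(f"unknown key id: {kid!r}")
    return jwt.decode(
        token,
        public_keys[kid],
        algorithms=["ES256"],  # pinned here, never read from the token
        audience=audience,
        issuer=ISSUER,
        options={"require": ["exp", "iat", "aud", "iss"]},
    )


def pem_pair():
    """Constructed P-256 key pair standing in for the real signer."""
    priv = ec.generate_private_key(ec.SECP256R1())
    priv_pem = priv.private_bytes(
        ser.Encoding.PEM, ser.PrivateFormat.PKCS8, ser.NoEncryption())
    pub_pem = priv.public_key().public_bytes(
        ser.Encoding.PEM, ser.PublicFormat.SubjectPublicKeyInfo)
    return priv_pem, pub_pem


def make_token(priv_pem, kid="test-key", **overrides):
    """Constructed sample token; overrides replace individual claims."""
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": AUDIENCE, "iat": now,
              "exp": now + 300, "email": "user@example.com"}
    claims.update(overrides)
    return jwt.encode(claims, priv_pem, algorithm="ES256",
                      headers={"kid": kid})
```

Every failure mode raises a subclass of `jwt.InvalidTokenError`, so a request handler can catch that one exception and treat the caller as unauthenticated.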

Thanks for reporting this issue! We'll address it promptly.

vchudnov-g, May 20 '24 22:05