SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

We have a High severity alert for Supertokens Python SDK:

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

The latest possible version of pycryptodome that can be installed is 3.10.4.

The earliest fixed version is 3.19.1.


Do you have an estimated time to resolve this? Thank you!

hi, the current plan is to fix this next week.

as a side-note, we are not using OAEP encryption/decrpytion, so it should not impact us (besides the warning produced by tools)

we are also tracking this in this [thread](https://discord.com/channels/603466164219281420/1304086312239763509)

Thanks for the quick answer <@435107855880683521> ! It's great to hear that alert does not have a security impact. The issue right now is the compliance impact 🙂