High CVSS score for CVE-2024-23342

[kwismann]

Is there anybody still around with insight on how to fix this issue?
GHSA-wj6h-64fc-37mp

[neverpanic]

Have you read the advisory? It says:

As stated in the security policy side-channel vulnerabilities are outside the scope of the project. Not because we don't want side-channel secure implementation, but because the main goal of the project is to be pure python and implementing side-channel free code in pure python is impossible.

See also previous reports and their discussion on the topic. @tomato42 makes it very clear in a comment in #330:

I don't want people to use this library in production environments...

It's a teaching tool, it's a testing tool, it's absolutely not an production grade implementation.
I maintain it to have support for ECDH and ECDSA in tlsfuzzer, which I need to be first and foremost portable. Security does not even enter a picture for that tool.

If you need enterprise grade implementation you should use pyca/cryptography.