An update for python-jwt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2022-1710 Final 1.0 1.0 2022-06-17 Initial 2022-06-17 2022-06-17 openEuler SA Tool V1.0 2022-06-17 python-jwt security update An update for python-jwt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). \ JWT is an open, industry-standard (RFC 7519) for representing claims securely between two parties. Security Fix(es): PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding.(CVE-2022-29217) An update for python-jwt is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3 and openEuler-22.03-LTS. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High python-jwt https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1710 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2022-29217 https://nvd.nist.gov/vuln/detail/CVE-2022-29217 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS python2-jwt-1.7.1-3.oe1.noarch.rpm python3-jwt-1.7.1-3.oe1.noarch.rpm python-jwt-help-1.7.1-3.oe1.noarch.rpm python-jwt-help-1.7.1-3.oe1.noarch.rpm python2-jwt-1.7.1-3.oe1.noarch.rpm python3-jwt-1.7.1-3.oe1.noarch.rpm python3-jwt-2.3.0-3.oe2203.noarch.rpm python-jwt-help-2.3.0-3.oe2203.noarch.rpm python-jwt-1.7.1-3.oe1.src.rpm python-jwt-1.7.1-3.oe1.src.rpm python-jwt-2.3.0-3.oe2203.src.rpm PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can specify `jwt.algorithms.get_default_algorithms()` to get support for all algorithms, or specify a single algorithm. The issue is not that big as `algorithms=jwt.algorithms.get_default_algorithms()` has to be used. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. 2022-06-17 CVE-2022-29217 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS High 7.4 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N python-jwt security update 2022-06-17 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1710