OESA-2022-1710

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1710
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1710.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2022-1710
Upstream
Published
2022-06-17T11:03:53Z
Modified
2025-09-03T06:18:13.278711Z
Summary
python-jwt security update
Details

PyJWT is a Python library which allows you to encode and decode JSON Web Tokens (JWT). JWT is an open industry standard (RFC 7519) for representing claims securely between two parties.

Security Fix(es):

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the signing algorithm that is used. The PyJWT library requires that the application choose which algorithms are supported. The application can specify jwt.algorithms.get_default_algorithms() to get support for all algorithms, or specify a single algorithm. The impact is limited, because the application has to be using algorithms=jwt.algorithms.get_default_algorithms() to be affected. Users should upgrade to v2.4.0 to receive a patch for this issue. As a workaround, always be explicit with the algorithms that are accepted and expected when decoding. (CVE-2022-29217)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / python-jwt

Package

Name
python-jwt
Purl
pkg:rpm/openEuler/python-jwt&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.1-3.oe1

Ecosystem specific

{
    "noarch": [
        "python2-jwt-1.7.1-3.oe1.noarch.rpm",
        "python3-jwt-1.7.1-3.oe1.noarch.rpm",
        "python-jwt-help-1.7.1-3.oe1.noarch.rpm"
    ],
    "src": [
        "python-jwt-1.7.1-3.oe1.src.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / python-jwt

Package

Name
python-jwt
Purl
pkg:rpm/openEuler/python-jwt&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.7.1-3.oe1

Ecosystem specific

{
    "noarch": [
        "python-jwt-help-1.7.1-3.oe1.noarch.rpm",
        "python2-jwt-1.7.1-3.oe1.noarch.rpm",
        "python3-jwt-1.7.1-3.oe1.noarch.rpm"
    ],
    "src": [
        "python-jwt-1.7.1-3.oe1.src.rpm"
    ]
}

openEuler:22.03-LTS / python-jwt

Package

Name
python-jwt
Purl
pkg:rpm/openEuler/python-jwt&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
2.3.0-3.oe2203

Ecosystem specific

{
    "noarch": [
        "python3-jwt-2.3.0-3.oe2203.noarch.rpm",
        "python-jwt-help-2.3.0-3.oe2203.noarch.rpm"
    ],
    "src": [
        "python-jwt-2.3.0-3.oe2203.src.rpm"
    ]
}