Aapo Oksman discovered that PyJWT incorrectly handled signatures constructed from SSH public keys. A remote attacker could use this to forge a JWT signature.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.5.3+ds1-1ubuntu0.1", "binary_name": "python-jwt" }, { "binary_version": "1.5.3+ds1-1ubuntu0.1", "binary_name": "python3-jwt" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.7.1-2ubuntu2.1", "binary_name": "python3-jwt" } ] }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "2.3.0-1ubuntu0.1", "binary_name": "python3-jwt" } ] }