Improper Cleanup on Thrown Exception

Overview Affected versions of this package are vulnerable to Improper Cleanup on Thrown Exception via the getsigningkey function. An attacker can exhaust system resources by sending numerous JWTs with attacker-controlled kid values, causing repeated outbound requests to the JWKS endpoint. Note:...

fence-agents security update

4.10.0-98.13 - bundled pyasn1: fix CVE-2026-30922 Resolves: RHEL-157201 4.10.0-98.12 - bundled cryptography: replace with dependency to fix CVE-2026-26007 - bundled PyJWT: upgrade to v2.12.1 to fix CVE-2026-32597 Resolves: RHEL-148436, RHEL-155675...

fence-agents security update

4.16.0-13.4 - bundled pyasn1: replace with dependency to fix CVE-2026-30922 - bundled PyJWT: upgrade to v2.12.1 to fix CVE-2026-32597 Resolves: RHEL-157186, RHEL-155667...

Inadequate Encryption Strength

Overview Affected versions of this package are vulnerable to Inadequate Encryption Strength due to the HMAC and RSA key lengths used in the JSON Web Signature JWS implementation not meeting recommended security standards. Remediation Upgrade pyjwt to version 2.11.0 or higher. References - GitHub...

SUSE CVE-2022-29217

PyJWT is a Python implementation of RFC 7519. PyJWT supports multiple different JWT signing algorithms. With JWT, an attacker submitting the JWT token can choose the used signing algorithm. The PyJWT library requires that the application chooses what algorithms are supported. The application can...