PyJWT is vulnerable to asymmetric/symmetric key confusion attacks. PKCS1 PEM keys that begin with -----BEGIN RSA PUBLIC KEY----- will not be rejected by the invalid_strings check in HMACAlgorithm.prepare_key. Using this flaw, attackers can cause symmetric/asymmetric confusion and create JWTs from scratch.
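The gap described above, shown from the defender's side as an added example (not PyJWT's own code): a substring deny-list that omits the PKCS1 header accepts such a key as an HMAC secret, while a check that matches any PEM header rejects it. The names NARROW_DENY_LIST, narrow_check_accepts and prepare_hmac_secret, the deny-list contents and the sample key are assumptions constructed for illustration.

```python
import re

# Matches any PEM armor line: "PUBLIC KEY", "RSA PUBLIC KEY" (PKCS1),
# "CERTIFICATE", "EC PUBLIC KEY", and so on.
_PEM_HEADER = re.compile(rb"-----BEGIN [A-Z0-9 ]+-----")
_SSH_PREFIXES = (b"ssh-rsa", b"ssh-dss", b"ssh-ed25519", b"ecdsa-sha2-")

# Constructed deny-list illustrating the gap: it has no PKCS1 entry.
NARROW_DENY_LIST = (
    b"-----BEGIN PUBLIC KEY-----",
    b"-----BEGIN CERTIFICATE-----",
    b"ssh-rsa",
)

# Constructed sample: PKCS1 armor around a placeholder body, not a real key.
PKCS1_SAMPLE = (
    b"-----BEGIN RSA PUBLIC KEY-----\n"
    b"PLACEHOLDER-BODY-NOT-A-REAL-KEY\n"
    b"-----END RSA PUBLIC KEY-----\n"
)


def narrow_check_accepts(key: bytes) -> bool:
    """Return True when the substring deny-list lets the key through."""
    return not any(marker in key for marker in NARROW_DENY_LIST)


def prepare_hmac_secret(key) -> bytes:
    """Hypothetical hardened check: refuse anything that looks like an
    asymmetric public key or certificate when an HMAC secret is expected."""
    if isinstance(key, str):
        key = key.encode("utf-8")
    if not isinstance(key, (bytes, bytearray)):
        raise TypeError("HMAC secret must be str or bytes")
    key = bytes(key)
    if _PEM_HEADER.search(key) or key.lstrip().startswith(_SSH_PREFIXES):
        raise ValueError(
            "key looks like an asymmetric key or certificate; "
            "refusing to use it as an HMAC secret"
        )
    return key


if __name__ == "__main__":
    print("narrow deny-list accepts PKCS1 key:", narrow_check_accepts(PKCS1_SAMPLE))
    try:
        prepare_hmac_secret(PKCS1_SAMPLE)
    except ValueError as exc:
        print("hardened check:", exc)
```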