CVE-2022-29217
StephenRadachy opened this issue
Stephen Radachy commented
Upgrade PyJWT-1.7.1-py2.py3-none-any.whl: https://nvd.nist.gov/vuln/detail/CVE-2022-29217
Christopher Dignam commented
I don't think Kodiak is affected by this issue because Kodiak specifies the JWT algorithm: https://cs.github.com/chdsbd/kodiak/blob/cd699e620e88dd5725ec455c418c70902b7660a1/bot/kodiak/queries/__init__.py?q=jwt#L1320
But like these other vulnerabilities, I'd welcome a PR to update the package.
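What specifying the algorithm means on the verifying side, as an added example that is not Kodiak's or PyJWT's code: a standard-library-only HMAC JWT verifier where the caller's allowlist, not the token header, decides which algorithm is accepted. The names `sign`, `verify`, `allowed_algs` and the demo key are hypothetical.

```python
import base64
import hashlib
import hmac
import json

# Digest for each HMAC-based JWS algorithm (RFC 7518).
_HMAC_DIGESTS = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(payload: dict, key: bytes, alg: str) -> str:
    """Build a compact JWT signed with the given HMAC algorithm."""
    header = {"alg": alg, "typ": "JWT"}
    parts = [_b64url(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(parts)
    sig = hmac.new(key, signing_input.encode(), _HMAC_DIGESTS[alg]).digest()
    return signing_input + "." + _b64url(sig)


def verify(token: str, key: bytes, allowed_algs: tuple) -> dict:
    """Return the payload, or raise ValueError if the token is not acceptable."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The header only states what the sender used; the allowlist decides.
    if alg not in allowed_algs or alg not in _HMAC_DIGESTS:
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), _HMAC_DIGESTS[alg]).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    print(verify(sign({"sub": "demo"}, key, "HS256"), key, ("HS256",)))
```

With PyJWT itself, the equivalent is passing an explicit `algorithms=[...]` list to `jwt.decode`.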