
CVE-2022-29217

Open StephenRadachy opened this issue 2 years ago • 1 comments

Upgrade PyJWT-1.7.1-py2.py3-none-any.whl: https://nvd.nist.gov/vuln/detail/CVE-2022-29217

StephenRadachy, Jun 23 '22 14:06

I don't think Kodiak is affected by this issue because Kodiak specifies the JWT algorithm: https://cs.github.com/chdsbd/kodiak/blob/cd699e620e88dd5725ec455c418c70902b7660a1/bot/kodiak/queries/init.py?q=jwt#L1320

But like these other vulnerabilities, I'd welcome a PR to update the package.

chdsbd, Jun 23 '22 21:06
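
The algorithm pinning mentioned in the reply above, as an added example that is not part of the original thread and is not Kodiak's or PyJWT's code: a standard-library HMAC JWT verifier in which the caller's `algorithms` list, not the token header, decides what is accepted. The names `make_token`, `verify` and `InvalidToken` and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json

# HMAC algorithms this sketch implements (stdlib only; PyJWT is not used here).
_HMAC = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}


class InvalidToken(Exception):
    pass


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_token(claims: dict, secret: bytes, alg: str) -> str:
    """Build a constructed sample token signed with the given HMAC algorithm."""
    head = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), _HMAC[alg]).digest()
    return f"{head}.{body}.{_b64url_encode(sig)}"


def verify(token: str, secret: bytes, algorithms: list) -> dict:
    """Return the claims only if the header alg is one the caller pinned."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(_b64url_decode(head))
        signature = _b64url_decode(sig)
    except ValueError as exc:
        raise InvalidToken("malformed token") from exc
    alg = header.get("alg") if isinstance(header, dict) else None
    # The header only selects among algorithms the caller allowed;
    # it never widens that set.
    if alg not in algorithms or alg not in _HMAC:
        raise InvalidToken(f"algorithm {alg!r} is not allowed")
    expected = hmac.new(secret, f"{head}.{body}".encode(), _HMAC[alg]).digest()
    if not hmac.compare_digest(expected, signature):
        raise InvalidToken("bad signature")
    try:
        return json.loads(_b64url_decode(body))
    except ValueError as exc:
        raise InvalidToken("malformed payload") from exc
```
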