
Aradona91

#18800 of 53,633
14.3 Total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2026-44398
7.4
2026-05-28
Pypi · Pyjwt · CVE-2026-48526
**Name of the Vulnerable Software and Affected Versions**
PyJWT versions prior to 2.13.0

**Description**
PyJWT is a JSON Web Token implementation in Python. When the verifier decodes JSON Web Tokens while supporting both asymmetric and HMAC algorithms, the library fails to validate the use of JSON Web Keys in the HMAC algorithm. This allows an attacker to use the issuer public key as the secret key for the HMAC algorithm.

**Recommendations**
Update to version 2.13.0.
PT-2025-41610
6.9
2025-10-10
Pypi · Python-Ldap · CVE-2025-61912
**Name of the Vulnerable Software and Affected Versions**
python-ldap versions prior to 3.4.5

**Description**
python-ldap is a lightweight directory access protocol (LDAP) client API for Python. The `ldap.dn.escape_dn_chars()` function incorrectly escapes `\x00` by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form `\00`. This can cause applications using this helper to construct Distinguished Names (DNs) from untrusted input to fail before a request is sent to the LDAP server, resulting in a client-side denial of service.

**Recommendations**
Update to python-ldap version 3.4.5 or later.