PyPI · PyJWT · CVE-2026-48522
**Name of the Vulnerable Software and Affected Versions**
PyJWT versions prior to 2.13.0
**Description**
PyJWKClient passes its `uri` argument straight to `urllib.request.urlopen()`, which uses the Python standard library's default OpenerDirector. That opener comes with HTTPHandler, HTTPSHandler, FTPHandler, FileHandler and DataHandler already registered, and PyJWT exposes no documented option to restrict which schemes may be fetched. If an application lets an attacker influence the URL that reaches PyJWKClient (for example a `jku` value taken from a JWT header, a configuration file, or an OAuth flow parameter), the attacker can use it for Server-Side Request Forgery (SSRF): fetching arbitrary local files via `file://`, triggering FTP or `data:` URI fetches, or pointing the client at a JWKS the attacker controls so that tokens signed with the attacker's own key verify as valid.
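To make the fetch path concrete, the following added example (not PyJWT's own code; it uses only the standard library and does not import PyJWKClient) models the unrestricted fetch beside a hardened wrapper that checks the scheme and host before the URL ever reaches `urlopen()`. The JWKS document, its key material and the trusted host `idp.example.com` are constructed placeholders; the function names `fetch_jwks_unrestricted` and `fetch_jwks_restricted` are hypothetical.

```python
import base64
import json
import os
import tempfile
import urllib.request
from pathlib import Path
from urllib.parse import urlparse

# Constructed sample JWKS. The key material is filler bytes, not a usable RSA key;
# only the document structure matters for showing what the fetch path returns.
SAMPLE_JWKS = {
    "keys": [{
        "kty": "RSA", "kid": "attacker-key", "use": "sig", "alg": "RS256",
        "n": base64.urlsafe_b64encode(b"\x01" * 256).rstrip(b"=").decode(),
        "e": "AQAB",
    }]
}

# Hypothetical allow-list for the hardened fetch; a real deployment lists its own IdP.
TRUSTED_JWKS_HOSTS = frozenset({"idp.example.com"})


def fetch_jwks_unrestricted(uri: str) -> dict:
    """Models the vulnerable path: the URL goes straight to urlopen(), and the
    default OpenerDirector dispatches on scheme, so file:, data: and ftp: are
    honoured exactly like https:."""
    with urllib.request.urlopen(uri, timeout=5) as resp:
        return json.loads(resp.read())


def fetch_jwks_restricted(uri: str, allowed_hosts=TRUSTED_JWKS_HOSTS) -> dict:
    """Hardened wrapper (added here, not PyJWT's code): reject anything that is
    not https:// to an allow-listed host *before* the URL reaches urlopen(),
    because urlopen() itself offers no scheme restriction."""
    parts = urlparse(uri)
    if parts.scheme != "https":
        raise ValueError(f"refusing JWKS URL with scheme {parts.scheme!r}")
    if parts.hostname is None or parts.hostname.lower() not in allowed_hosts:
        raise ValueError(f"refusing JWKS host {parts.hostname!r}")
    return fetch_jwks_unrestricted(uri)


def data_uri_for(jwks: dict) -> str:
    """JWKS carried entirely inside a data: URI (served by DataHandler)."""
    body = base64.b64encode(json.dumps(jwks).encode()).decode()
    return f"data:application/json;base64,{body}"


def file_uri_for(jwks: dict) -> str:
    """JWKS written to a temp file and addressed via file:// (served by FileHandler)."""
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as tmp:
        json.dump(jwks, tmp)
    return Path(tmp.name).as_uri()


def demo() -> dict:
    """Feed both non-network URIs to each fetcher and record what happened."""
    results = {}
    file_uri = file_uri_for(SAMPLE_JWKS)
    try:
        for label, uri in (("data", data_uri_for(SAMPLE_JWKS)), ("file", file_uri)):
            # The unrestricted path happily returns the attacker's key set.
            keys = fetch_jwks_unrestricted(uri)["keys"]
            results[f"unrestricted_{label}"] = [k["kid"] for k in keys]
            # The hardened path refuses before any handler is invoked.
            try:
                fetch_jwks_restricted(uri)
                results[f"restricted_{label}"] = "accepted"
            except ValueError:
                results[f"restricted_{label}"] = "rejected"
    finally:
        os.unlink(urllib.request.url2pathname(urlparse(file_uri).path))
    return results


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

An application that cannot upgrade yet can apply the same pre-check to the `jku` value before calling `PyJWKClient(uri)`, since the client performs the fetch internally and offers no hook to restrict schemes. The check is deliberately a strict allow-list (scheme must be `https`, host must be a known issuer) rather than a deny-list of `file`, `ftp` and `data`, because any other handler registered on the default opener would otherwise still be reachable.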
**Recommendations**
Update to version 2.13.0 or later. Until the upgrade is deployed, do not pass a URL an attacker can influence (in particular a `jku` read from an unverified token header) to PyJWKClient; restrict the JWKS URL to `https://` and an allow-list of known issuer hosts before constructing the client.