CVE-2021-41803 HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 don't validate node or segment names before using it in JWT claim assertions with the auto config RPC.
The above findings indicate that HashiCorp Consul versions 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 are vulnerable
CVE-2022-29217 - PyJWT Vulnerability: Unintended Signing Algorithm Acceptance
Summary: A security vulnerability (CVE-2022-29217) was discovered in the PyJWT library. It allows an attacker to exploit the unspecified signing algorithms and potentially compromise tokens.