It was discovered that PyJWT, a Python implementation of JSON Web Token performed insufficient validation of some public key types, which could allow a remote attacker to craft JWTs from scratch.