From 3988e13c0abc4f032ffb8909eef273f3ee1c48b7 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 2 Feb 2026 17:37:12 +0100
Subject: python3-pyjwt: ignore CVE-2025-45768

Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768

The CVE is disputed: though the vulnerability is there, but it comes
from incorrect configuration of the library by the main application.

Due to this, ignore this CVE.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta-python')

diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb
index 37675f1b63..0a928dc2fa 100644
--- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb
+++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb
@@ -9,6 +9,8 @@ SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9
 
 PYPI_PACKAGE = "pyjwt"
 CVE_PRODUCT = "pyjwt"
+CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly"
+
 inherit pypi python_setuptools_build_meta
 
 RDEPENDS:${PN} = "\
-- 
cgit v1.2.3-54-g00ecf