Dovecot is vulnerable to arbitrary file write. It does not correctly escape the kid and azp fields in JWT tokens. This may be used to supply attacker-controlled keys to validate tokens in some configurations. This requires the attacker to be able to write files to the local disk.
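The check below is an added example, not Dovecot's code or its patch: it shows how a token validator can refuse kid and azp values that would change which key file is read. The key directory, the `<root>/<azp>/<alg>/<kid>` layout, the "default" fallback and all function names are assumptions made for illustration.

```python
import base64
import json
import os
import re
from pathlib import Path

# Assumption: validation keys live at KEY_ROOT/<azp>/<alg>/<kid> (hypothetical layout).
KEY_ROOT = Path("/etc/jwt-keys")
# Allowlist for a single path component: no separators, no percent-escapes, no NUL.
SAFE_FIELD = re.compile(r"[A-Za-z0-9_.-]+")


def b64url_json(segment: str) -> dict:
    """Decode one unpadded base64url JWT segment into a JSON object."""
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def key_path_for(token: str) -> Path:
    """Return the key file a token selects, or raise ValueError if a field is unsafe.

    Runs before signature verification, so every field is untrusted input.
    """
    header_b64, payload_b64, _signature = token.split(".")
    header, payload = b64url_json(header_b64), b64url_json(payload_b64)
    fields = {
        "azp": payload.get("azp", "default"),
        "alg": header.get("alg", ""),
        "kid": header.get("kid", "default"),
    }
    for name, value in fields.items():
        if (not isinstance(value, str) or value in (".", "..")
                or not SAFE_FIELD.fullmatch(value)):
            raise ValueError(f"unsafe {name} field: {value!r}")
    # Defence in depth: the normalised path must still sit under KEY_ROOT.
    path = Path(os.path.normpath(KEY_ROOT.joinpath(*fields.values())))
    if KEY_ROOT not in path.parents:
        raise ValueError(f"key path escapes {KEY_ROOT}: {path}")
    return path


def make_token(header: dict, payload: dict) -> str:
    """Build a constructed sample token; the signature part is a dummy value."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(payload)}.c2ln"


# Constructed samples: a normal token and one whose kid contains path separators.
GOOD = make_token({"alg": "HS256", "kid": "key1"}, {"azp": "client1"})
BAD_KID = make_token({"alg": "HS256", "kid": "../../tmp/other-key"}, {"azp": "client1"})
```
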
dovecot.org/security
lists.fedoraproject.org/archives/list/[email protected]/message/JB2VTJ3G2ILYWH5Y2FTY2PUHT2MD6VMI/
lists.fedoraproject.org/archives/list/[email protected]/message/TK424DWFO2TKJYXZ2H3XL633TYJL4GQN/
secdb.alpinelinux.org/edge/main.yaml
security.gentoo.org/glsa/202107-41
www.openwall.com/lists/oss-security/2021/06/28/1