diff --git a/CVE-2019-17195.patch b/CVE-2019-17195.patch new file mode 100644 index 0000000000000000000000000000000000000000..cc0f8ba97f97ceb4b10265bc477af3f62e8cb700 --- /dev/null +++ b/CVE-2019-17195.patch @@ -0,0 +1,28 @@ +From 26367b6cc7300e96963faff53a68552d13942804 Mon Sep 17 00:00:00 2001 +From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> +Date: Mon, 9 Dec 2019 10:14:44 +0900 +Subject: [PATCH] Bump nimbus-jose-jwt from 4.41.1 to 7.9 (#1682) + +Bumps [nimbus-jose-jwt](https://bitbucket.org/connect2id/nimbus-jose-jwt) from 4.41.1 to 7.9. +- [Changelog](https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt) +- [Commits](https://bitbucket.org/connect2id/nimbus-jose-jwt/branches/compare/7.9..4.41.1) + +Signed-off-by: dependabot[bot] +(cherry picked from commit c1d393a1567cac1bcf71e2e5f252cddffa0f97cc) +--- + hadoop-project/pom.xml | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hadoop-project/pom.xml b/hadoop-project/pom.xml +index ad9c2138fb6c7..f83b74c2469b0 100644 +--- a/hadoop-project/pom.xml ++++ b/hadoop-project/pom.xml +@@ -1329,7 +1329,7 @@ + + com.nimbusds + nimbus-jose-jwt +- 4.41.1 ++ 7.9 + compile + + diff --git a/hadoop.spec b/hadoop.spec index 8321065dd48fc5c7e51cc8a59f0997d581b26065..d5d7e3de50efe943c5eccf815871fbd331033a8c 100644 --- a/hadoop.spec +++ b/hadoop.spec @@ -11,7 +11,7 @@ %define _binaries_in_noarch_packages_terminate_build 0 Name: hadoop Version: 3.2.1 -Release: 2 +Release: 3 Summary: A software platform for processing vast amounts of data # The BSD license file is missing # https://issues.apache.org/jira/browse/HADOOP-9849 @@ -34,6 +34,7 @@ Source13: %{name}-yarn-site.xml Patch0: CVE-2020-9492.patch Patch1: 0001-sys_errlist-undeclared.patch +Patch2: CVE-2019-17195.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRequires: java-1.8.0-openjdk-devel maven hostname maven-local tomcat cmake snappy openssl-devel 
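Review bot: A jump of three major versions in a JWT library (4.41.1 to 7.9) is carried here as a one-line version change in `hadoop-project/pom.xml`, with no accompanying change to the code that calls the library. Whether Hadoop's JWT handling still compiles and behaves the same against the 7.x API cannot be seen from this patch, so it should be confirmed with a scratch build and the authentication module tests rather than assumed. The CVE is only closed if the jars that end up in the RPM are 7.9 or later, so check the packaged file list for a leftover nimbus-jose-jwt 4.41.1 jar. I would also record the origin above the `Patch2` line in the spec, e.g. `# CVE-2019-17195: backport of upstream c1d393a1567cac1bcf71e2e5f252cddffa0f97cc (nimbus-jose-jwt 4.41.1 -> 7.9)`.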
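Review bot: `Patch2: CVE-2019-17195.patch` is declared in the second hadoop.spec hunk, but none of the hunks touches %prep, so whether the patch is actually applied depends on how %prep is written, which is outside this diff. If %prep lists patches explicitly rather than using `%autosetup` or `%autopatch`, it needs a matching `%patch2 -p1`; without it, release 3.2.1-3 would be labelled as fixing the CVE while still building against 4.41.1. The build log should show the patch being applied to `hadoop-project/pom.xml`.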
@@ -1111,6 +1112,9 @@ fi %config(noreplace) %{_sysconfdir}/%{name}/container-executor.cfg %changelog +* Fri Jun 25 2021 wangyue - 3.2.1-3 +- Fix CVE-2019-17195 + * Fri May 14 2021 wangyue - 3.2.1-2 - Fix CVE-2020-9492