An error during signature verification can be treated as a successful verification.

PKSA-nh5k-9wsp-k4zd

Affected version: <2.10.4

Reported by:
FriendsOfPHP/security-advisories

Vulnerability to Response Wrapping attacks resulting in a malicious user gaining unauthorized access to a system.

PKSA-4x6t-byc2-3fqx CVE-2016-1000253

Affected version: <2.10.0

Reported by:
FriendsOfPHP/security-advisories