scheb/two-factor-bundle Security Advisories for v3.0.0-beta2 (2)
-
[HIGH] Vulnerability to bypass two-factor authentication with remember-me option
PKSA-fzh9-hxqm-sgs7 GHSA-h6mp-mc7g-mg49
Affected version: >=4.0.0,<4.11.0|>=3.0.0,<3.26.0|>=0.0.0,<3.0.0
Reported by:
GitHub, FriendsOfPHP/security-advisories -
[HIGH] Vulnerability to bypass two-factor authentication with unverified JWT trusted device token
PKSA-wk7g-q55p-55xx GHSA-9phw-7h96-q3rv
Affected version: >=3.0.0,<3.7.0
Reported by:
GitHub, FriendsOfPHP/security-advisories