web-token/jwt-bundle Security Advisories for v1.3.0 (1)
-
[HIGH] PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
PKSA-5yb6-pjs2-zg93 GHSA-jc38-x7x8-2xc8
Affected version: >=4.1.0,<4.1.7|>=4.0.0,<4.0.7|<3.4.10
Reported by:
GitHub