PKSA-5yb6-pjs2-zg93 Security Advisory
-
[HIGH] PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
PKSA-5yb6-pjs2-zg93 GHSA-jc38-x7x8-2xc8
Affected package: web-token/jwt-bundle
Affected version: >=4.1.0,<4.1.7|>=4.0.0,<4.0.7|<3.4.10
Reported by:
GitHub