Exploit in the private channel authentication

PKSA-kyn4-mjp3-yprj

Affected package: pusher/pusher-php-server

Affected version: <2.2.1

Reported by:
FriendsOfPHP/security-advisories