[HIGH] Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption

PKSA-p7vh-1fk6-znth GHSA-jc38-x7x8-2xc8

Affected package: web-token/jwt-framework

Affected version: <3.4.10|>=4.0.0,<4.0.7|>=4.1.0,<4.1.7

Reported by:
GitHub, FriendsOfPHP/security-advisories