web-token/jwt-framework Security Advisories - Packagist | Ecosyste.ms: Advisories

web-token/jwt-framework

JSON Object Signing and Encryption library for PHP and Symfony Bundle.

View on github.com · View on packagist.org

Security Advisories for web-token/jwt-framework in packagist

Moderate

about 9 hours ago

PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle GSA_kwCzR0hTQS01NzM5LTM5djItNTc1NM4ABZHv

packagist web-token/jwt-library, web-token/jwt-framework

High

about 9 hours ago

PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks GSA_kwCzR0hTQS1qYzM4LXg3eDgtMnhjOM4ABZHu

packagist web-token/jwt-library, web-token/jwt-framework

High

about 9 hours ago

PHP JWT Library: PBES2-HS+AKW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service GSA_kwCzR0hTQS0zcHJqLTZocXctY204Ms4ABZHt

packagist web-token/jwt-library, web-token/jwt-framework

Filter by Severity

High 2 Moderate 1