Описание
namshi/jose - Verification bypass
Several widely-used JSON Web Token (JWT) libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys (RS256, RS384, RS512, ES256, ES384, ES512).
Пакеты
Наименование
namshi/jose
composer
Затронутые версииВерсия исправления
< 2.2.0
2.2.0