Описание
PHP JOSE Library by Gree Inc. Uses a Broken or Risky Cryptographic Algorithm
The PHP JOSE Library by Gree Inc. prior to 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Пакеты
Наименование
gree/jose
composer
Затронутые версииВерсия исправления
< 2.2.1
2.2.1
Связанные уязвимости
CVSS3: 7.5
nvd
больше 6 лет назад
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.