Количество 2
Количество 2
CVE-2021-46743
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
GHSA-8xf4-w7qw-pjjw
Firebase PHP-JWT key/algorithm type confusion
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-46743 In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself. | CVSS3: 9.1 | 1% Низкий | почти 4 года назад |
| GHSA-8xf4-w7qw-pjjw Firebase PHP-JWT key/algorithm type confusion | CVSS3: 9.1 | 1% Низкий | почти 4 года назад |
Уязвимостей на страницу