You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In addition, it looks like at the first sight only JWT::decode() had this vulnerability (this is what changes in the related PR confirms also), as of today this library only uses JWT::encode()
If I am right then adding firebase/php-jwt 6x support is nice to have.
This project uses firebase/php-jwt@5.X.X which has an insecure encryption vulnerability as detailed below:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46743
This vulnerability is remedied in firebase/php-jwt@6.X.X so can hopefully be fixed by upgrading to that version and making the required changed.
For reference:
firebase/php-jwt#351
The text was updated successfully, but these errors were encountered: