Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.3
CVE-2025-45769
- EPSS 0.01%
- Veröffentlicht 31.07.2025 00:00:00
- Zuletzt bearbeitet 17.08.2025 04:15:39
php-jwt v6.11.0 was discovered to contain weak encryption. NOTE: this issue has been disputed on the basis that key lengths are expected to be set by an application, not by this library. This dispute is subject to review under CNA rules 4.1.4, 4.1.14...
9.1
CVE-2021-46743
- EPSS 1.07%
- Veröffentlicht 29.03.2022 07:15:07
- Zuletzt bearbeitet 21.11.2024 06:34:37
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorre...
1