Jwt
Monthly
JWT is a library to work with JSON Web Token and JSON Web Signature. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
JWT is a library to work with JSON Web Token and JSON Web Signature. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.