Skip to main content

Jwt

3 CVEs product

Monthly

CVE-2021-41106 PHP LOW PATCH Monitor

JWT is a library to work with JSON Web Token and JSON Web Signature. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Jwt
NVD GitHub
CVSS 3.1
3.3
EPSS
0.2%
CVE-2016-7037 HIGH PATCH This Week

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Jwt
NVD GitHub
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-2951 MEDIUM This Month

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Jwt
NVD GitHub
CVSS 2.0
5.0
EPSS
2.1%
EPSS 0% CVSS 3.3
LOW PATCH Monitor

JWT is a library to work with JSON Web Token and JSON Web Signature. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity.

Information Disclosure Jwt
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

PHP Information Disclosure Jwt
NVD GitHub
EPSS 2% CVSS 5.0
MEDIUM This Month

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP Authentication Bypass Jwt
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy