phpseclib before 2.0.31 and 3.x before 3.0.7 mishandles RSA PKCS#1 v1.5 signature verification.
github.com/FriendsOfPHP/security-advisories/blob/master/phpseclib/phpseclib/CVE-2021-30130.yaml
github.com/phpseclib/phpseclib/pull/1635
github.com/phpseclib/phpseclib/releases/tag/2.0.31
github.com/phpseclib/phpseclib/releases/tag/3.0.7
lists.debian.org/debian-lts-announce/2022/11/msg00024.html
lists.debian.org/debian-lts-announce/2022/11/msg00025.html
nvd.nist.gov/vuln/detail/CVE-2021-30130