CVE-2016-5429
CVE-2016-5429 concerns the jose-php library prior to 2.2.1, where non-constant-time HMAC comparisons in the implementation (notably in JWE.php and JWS.php) can enable remote attackers to glean sensitive data via timing attacks. Public sources consistently state that the vulnerability enables info...