Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...

Authentication Bypass

namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to an implementation error in the validation process for digital signatures using asymmetric algorithms. which allows attackers to forge tokens by exploiting the signature verification flaw...

GHSA-4RR6-GF59-GGW5 namshi/jose - Verification bypass

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...

GHSA-HXHC-WMG8-XRQF namshi/jose insecure JSON Web Signatures (JWS)

namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...

PT-2024-40080 · Php-Jwt +4 · Php-Jwt +4

Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken affected versions not specified pyjwt affected versions not specified namshi/jose affected versions not specified php-jwt affected versions not specified jsjwt affected versions not specified Description: The issue affects...

GHSA-H533-5V22-8VCP firebase/php-jwt: "None" Algorithm treated as valid on tokens

Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...

Malicious code in node-namshi-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b8ea8105cf9662af25b173e508c368157cbedd010dda83f09aa12ec71a32a05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-4888 Malicious code in node-namshi-mysql (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2b8ea8105cf9662af25b173e508c368157cbedd010dda83f09aa12ec71a32a05 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Timing Attack

namshi/jose is vulnerable to timing attack. The vulnerability exists because it does not use a constant-time comparison when verifying HMAC values...

namshi/jose input validation vulnerability

namshi/jose is a PHP library for processing JSON Web markup . A security vulnerability exists in namshi/jose. A remote attacker can exploit the vulnerability to bypass signature verification via a specially crafted token in a JSON Web Tokens JWT header...

Design/Logic Flaw

NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens JWT header...

CVE-2015-2964

NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens JWT header...

CVE-2015-2964

NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens JWT header...

CVE-2015-2964

CVE-2015-2964 affects namshi/jose (PHP JWT library). A vulnerability in processing JWT headers allows bypass of signature verification, enabling specially crafted tokens to be treated as valid data. Public sources indicate the library did not properly enforce signature checks (e.g., issues with t...

namshi/jose fails to verify token signatures

Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...

JVN#25336719: namshi/jose fails to verify token signatures

namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...