11 matches found
Authentication Bypass
namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to improper signature validation which permits tokens signed with 'none' algorithms to be processed, effectively allowing authentication to bypass signature validation...
Authentication Bypass
namshi/jose is vulnerable to Authentication Bypass. The vulnerability is due to an implementation error in the validation process for digital signatures using asymmetric algorithms. which allows attackers to forge tokens by exploiting the signature verification flaw...
GHSA-4RR6-GF59-GGW5 namshi/jose - Verification bypass
Several widely-used JSON Web Token JWT libraries, including node-jsonwebtoken, pyjwt, namshi/jose, php-jwt, and jsjwt, are affected by critical vulnerabilities that could allow attackers to bypass the verification step when using asymmetric keys RS256, RS384, RS512, ES256, ES384, ES512...
GHSA-HXHC-WMG8-XRQF namshi/jose insecure JSON Web Signatures (JWS)
namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...
namshi/jose insecure JSON Web Signatures (JWS)
namshi/jose allows the acceptance of unsecure JSON Web Signatures JWS by default. The vulnerability arises from the $allowUnsecure flag, which, when set to true during the loading of JWSes, permits tokens signed with 'none' algorithms to be processed. This behavior poses a significant security ri...
PT-2024-40080 · Php-Jwt +4 · Php-Jwt +4
Name of the Vulnerable Software and Affected Versions: node-jsonwebtoken affected versions not specified pyjwt affected versions not specified namshi/jose affected versions not specified php-jwt affected versions not specified jsjwt affected versions not specified Description: The issue affects...
Timing Attack
namshi/jose is vulnerable to timing attack. The vulnerability exists because it does not use a constant-time comparison when verifying HMAC values...
namshi/jose input validation vulnerability
namshi/jose is a PHP library for processing JSON Web markup . A security vulnerability exists in namshi/jose. A remote attacker can exploit the vulnerability to bypass signature verification via a specially crafted token in a JSON Web Tokens JWT header...
CVE-2015-2964
NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass signature verification via crafted tokens in a JSON Web Tokens JWT header...
namshi/jose fails to verify token signatures
Overview namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Toshiharu Sugiyama of DeNA Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under...
JVN#25336719: namshi/jose fails to verify token signatures
namshi/jose is a PHP library for handling JSON Web Tokens JWT. namshi/jose contains a vulnerability in processing JWT headers where it fails to verify token signatures. Impact Specially crafted tokens may be validated as token data with valid signatures. Solution Update the Software Update to the...