CVE-2018-1000025
CVE-2018-1000025 affects Jerome Gamez Firebase Admin SDK for PHP versions 3.2.0–3.8.0. Affected component: src/Firebase/Auth/IdTokenVerifier.php; root cause: token signature is not verified, enabling forging of JWTs with arbitrary email addresses and user IDs. Impact: improper access control via ...