2 matches found
CVE-2021-46743
CVE-2021-46743 : In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue occurs via the kid header when multiple key types are loaded in a key ring, allowing an attacker to forge tokens that validate under the incorrect key. The description notes this may reflect unsafe usage of the PHP-JW...
CVE-2025-45769
php-jwt v6.11.0 is identified in multiple sources (GHSA-2X45-7FC3-MXWQ, OSV:GHSA-2X45-7FC3-MXWQ) as containing weak encryption, with reports noting potential token manipulation. The CVE entry notes a cryptographic weakness and a dispute regarding its severity. Connected documents confirm the affe...