N/A

jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.

N/A

N/A

jose-php 安全漏洞

jose-php是一个用于实现JavaScript对象签名和加密的方法。 jose-php 2.2.1之前的版本中的JWE.php和JWS.php文件存在安全漏洞。远程攻击者可通过实施时序攻击利用该漏洞获取敏感信息。

N/A

N/A