Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PHP-JWT 安全漏洞
Vulnerability Description
PHP-JWT是一个简单的库,用于在 PHP 中编码和解码 JSON Web 令牌 (JWT),符合RFC 7519。 Firebase PHP-JWT 6.0.0 之前版本存在安全漏洞,该漏洞这允许攻击者伪造令牌。
CVSS Information
N/A
Vulnerability Type
N/A