Security Advisories - PKSA-58h1-qnck-61bt - Packagist.org

PKSA-58h1-qnck-61bt Security Advisory

[MEDIUM] JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

PKSA-58h1-qnck-61bt GHSA-5739-39v2-5754

Affected package: web-token/jwt-library

Affected version: <3.4.10|>=4.0.0,<4.0.7|>=4.1.0,<4.1.7

Reported by:
GitHub, FriendsOfPHP/security-advisories