CVE-2016-5431

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-5431

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-5431.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-5431

Aliases

GHSA-xm5f-hc9r-76f3

Published

2019-08-07T15:15:11Z

Modified

2024-05-14T05:24:56.972040Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

References

https://github.com/nov/jose-php/commit/1cce55e27adf0274193eb1cd74b927a398a3df4b

Affected packages

Git / github.com/nov/jose-php

Affected ranges

Type: GIT
Repo: https://github.com/nov/jose-php
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1cce55e27adf0274193eb1cd74b927a398a3df4b

Affected versions

0.*

0.1.0

0.1.2

0.1.3

0.1.4

0.1.5

1.*

1.0.0

1.0.1

2.*

2.0.0

2.0.1

2.1.0

2.2.0