CVE-2016-5431

TThe PHP JOSE Library by Gree Inc. version <= 2.2.0 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
Source: NIST
CVE-2016-5431

Leave a Reply

Your email address will not be published.