CVE-2016-5429

Published September 3rd, 2016

View on NVD ↗

CVSS v3

3.7

LOW

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php.

nov/jose-php

PHP JOSE Library (JWT, JWS, JWE, JWK, JWK Set, JWK Thumbprint are supported)

GitHub

139