emarref/jwt

Releases7

Frequency3 months 2 weeks

Last Release almost 10 years ago

Stars92

An implementation of the JSON Web Token (JWT) draft in PHP.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2016-7037 ↗	Jan 23, 2017Monday, 23 January 2017, 21:59	—	5 MEDIUM
The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.