The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| gree/jose(Packagist) | 0 | 2.2.1 | N/A |
CVSS Metrics
