CVE-2021-41106

Insufficient Verification of Data Authenticity in packagist/lcobucci/jwt

Identifier

CVE-2021-41106

Package Slug

packagist/lcobucci/jwt

Vulnerability

Insufficient Verification of Data Authenticity

Description

The HMAC hashing functions take any string as input and, since users can issue and validate tokens, users are led to believe that everything works properly.

Affected Versions

All versions starting from 3.4.0 before 3.4.6, all versions starting from 4.0.0 before 4.0.4, all versions starting from 4.1.0 before 4.1.5

Solution

Upgrade to versions 3.4.6, 4.0.4, 4.1.5 or above.

Last Modified

2021-10-11
