omniphx
commented
2 months ago Hi @mosesbesong-nxlog, feel free to create a PR for this issue
Open mosesbesong-nxlog opened 7 months ago
omniphx
commented
2 months ago Hi @mosesbesong-nxlog, feel free to create a PR for this issue
Hi guys,
The version of the firebase/php-jwt package used by this library suffers from a Key/algorithm type confusion vulnerability.
The current version of firebase/php-jwt dependency used by the Forrest library as of this writing is "^5.2|~6.0".
You can read about the vulnerability here: https://nvd.nist.gov/vuln/detail/CVE-2021-46743