1 package has known vulnerabilities

trikoder / oauth2-bundle

Symfony bundle which provides OAuth 2.0 authorization/resource server capabilities.

https://www.trikoder.net/

MIT License

249 stars 114 forks source link

1 package has known vulnerabilities #296

Closed slawekadamek closed 3 years ago

slawekadamek commented 3 years ago

1 package has known vulnerabilities.

lcobucci/jwt (4.0.3)

CVE-2021-41106: File reference keys leads to incorrect hashes on HMAC algorithms

X-Coder264 commented 3 years ago

lcobucci/jwt is not a direct dependency of this package so there's nothing for us to do. We do not restrict the allowed lcobucci/jwt version so if you run composer update you should get the latest lcobucci/jwt package version which fixed the CVE you've mentioned.