High severityNVD Advisory· Published Aug 7, 2019· Updated Aug 6, 2024
CVE-2016-5431
CVE-2016-5431
Description
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gree/josePackagist | < 2.2.1 | 2.2.1 |
Affected products
1Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-xm5f-hc9r-76f3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-5431ghsaADVISORY
- github.com/nov/jose-php/commit/1cce55e27adf0274193eb1cd74b927a398a3df4bghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.