VYPR

Packagist (Composer) package

web-auth/webauthn-framework

pkg:composer/web-auth/webauthn-framework

Vulnerabilities (3)

  • CVE-2026-30964MedMar 10, 2026
    affected >= 5.2.0, < 5.2.4fixed 5.2.4

    web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. Prior to 5.2.4, when allowed_origins is configured, CheckAllowedOrigins reduces URL-like values to their h

  • CVE-2024-39912MedJul 15, 2024
    affected >= 4.5.0, < 4.9.0fixed 4.9.0

    web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no user

  • CVE-2021-38299Sep 27, 2021
    affected >= 3.3.0, < 3.3.4fixed 3.3.4

    Webauthn Framework 3.3.x before 3.3.4 has Incorrect Access Control. An attacker that controls a user's system is able to login to a vulnerable service using an attached FIDO2 authenticator without passing a check of the user presence.