What the vulnerability does

01Description

The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens.

Key dates

02Disclosure timeline

August 7, 2019 CVE published
August 6, 2024 Record updated