Vulnerabilities > JWT Project > JWT > 0.1.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-01-23 | CVE-2016-7037 | 7PK - Time and State vulnerability in JWT Project JWT The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack. | 7.5 |