web-token/jwt-framework
php · web-token/jwt-framework · Critical
web-token/jwt-framework: Unprotected header override of 'alg' in JWSVerifier and JWEDecrypter
JWSVerifier::getAlgorithm() merges protected and unprotected headers using the spread operator, allowing the unprotected header to overrid
19 Jun 2026 · act now