CVE-2021-46743 is a vulnerability in Google Firebase Php Jwt
Published on March 29, 2022

In Firebase PHP-JWT before 6.0.0, an algorithm-confusion issue (e.g., RS256 / HS256) exists via the kid (aka Key ID) header, when multiple types of keys are loaded in a key ring. This allows an attacker to forge tokens that validate under the incorrect key. NOTE: this provides a straightforward way to use the PHP-JWT library unsafely, but might not be considered a vulnerability in the library itself.

NVD

Products Associated with CVE-2021-46743

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2021-46743 are published in Google Firebase Php Jwt:

Google Firebase Php Jwt

Exploit Probability

EPSS

0.79%

Percentile

73.56%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2021-46743 is a vulnerability in Google Firebase Php JwtPublished on March 29, 2022

Products Associated with CVE-2021-46743

Exploit Probability

CVE-2021-46743 is a vulnerability in Google Firebase Php Jwt
Published on March 29, 2022