Threats Tagged 'ghsa-jc38-x7x8-2xc8'
View all threats tagged with 'ghsa-jc38-x7x8-2xc8'. Filter and sort to focus on specific types of threats.
Stop chasing alerts. Route them.
Start free, then upgrade once to turn Radar into an automated delivery engine for your security stack.
Custom feeds / Automations: email, Slack, webhooks, SIEM/MISP / API access (baseline limits)
API access activates after upgrading in Console -> Billing.
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.
Filter Threats
Narrow down the results by type, severity, or affected countries
Threats Tagged 'ghsa-jc38-x7x8-2xc8'
Click on any threat for detailed analysis and mitigation recommendations
GHSA-jc38-x7x8-2xc8: PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks 0 The PHP JWT Framework's JWSVerifier component merges protected and unprotected headers in a way that allows the unprotected header to override the integrity-protected 'alg' parameter. This creates a time-of-check/time-of-use vulnerability where the algorithm validated from the protected header differs from the one actually used for verification, enabling algorithm confusion attacks. Similar issues exist in JWEDecrypter with 'alg' and 'enc' parameters. The vulnerability affects multiple versions of the web-token/jwt-library prior to fixed releases. A fix involves reading the 'alg' parameter exclusively from the protected header to ensure integrity. Join the discussion | GCVE Database | 06/18/2026, 21:09:17 UTC Added: 07/06/2026, 23:03:49 UTC |
Showing 1 to 1 of 1 result