Contrib.social

Possible security vulnerability with firebase/php-jwt < 6.0

Open on Drupal.org β†’
Created on 22 February 2023, almost 2 years ago

Problem/Motivation

Security advisory:
composer audit
Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package | firebase/php-jwt |
| CVE | CVE-2021-46743 |
| Title | Key/algorithm type confusion |
| URL | https://github.com/advisories/GHSA-8xf4-w7qw-pjjw |
| Affected versions | <6.0.0 |
| Reported at | 2022-03-30T00:00:00+00:00

where is jwt called:
html/modules/contrib/salesforce/modules/salesforce_jwt/composer.json: "firebase/php-jwt": "^5.0",
html/modules/contrib/salesforce/composer.json: "firebase/php-jwt": "^5.0",
html/modules/contrib/salesforce/composer.json: "firebase/php-jwt": "Required for salesforce_jwt, recommended auth provider.",

Steps to reproduce

composer audit

Proposed resolution

Update to a version of firebase/php-jwt > 6.0 or give explanation like http://drupal.org/project/jwt

Remaining tasks

User interface changes

API changes

Data model changes

πŸ› Bug report
Status

Active

Version

1.0

Component

Code

Created by

πŸ‡ΊπŸ‡ΈUnited States SocialNicheGuru

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024