CVE-2015-2951
f21/jwt < 1.0 - Signature Verification Bypass via Crafted Tokens
Title source: llmDescription
JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.
References (4)
Core 4
Core References
Vendor Advisory third-party-advisory
x_refsource_jvn
http://jvn.jp/en/jp/JVN06120222/index.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75021
Vendor Advisory third-party-advisory
x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000073
Patch x_refsource_confirm
https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6
Scores
EPSS
0.0377
EPSS Percentile
88.6%
Details
CWE
CWE-20
Status
published
Products (1)
f21/jwt
< 1.0
Published
Jun 05, 2015
Tracked Since
Feb 18, 2026