SCA: security update for web-token/jwt-bundle, web-token/jwt-experimental, web-token/jwt-framework, web-token/jwt-library (GHSA-jc38-x7x8-2xc8)

high Tenable Cloud Security Plugin ID 444424

Description

PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks

Solution

Update the web-token/jwt-bundle library and its related packages to version 3.4.10 or later.

See Also

https://github.com/advisories/GHSA-jc38-x7x8-2xc8

Plugin Details

Severity: High

ID: 444424

Version: Revision 1.1

Type: Local

Family: SCA Checks

Published: 7/6/2026

Updated: 7/6/2026

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 6/18/2026

Vulnerability Publication Date: 6/18/2026

Reference Information

cwe: CWE-345