[GHSA-2x45-7fc3-mxwq] php-jwt contains weak encryption#6954
Conversation
|
I summarized the aspects after evaluating and applying the CNA rules (as stated for the From my (personal) point of view, CVE-2025-45769 should be |
|
I posted a comment about the review of GHSA-2x45-7fc3-mxwq to firebase/php-jwt#620 (comment). |
|
Since the discussion in firebase/php-jwt#620 has ended, I'm closing this PR because, rather than withdrawing the advisory, my teammates and I decided to keep GHSA-2x45-7fc3-mxwq and lower the CVSS. The changes to GHSA-2x45-7fc3-mxwq, including a link to firebase/php-jwt#620 in the references, should appear shortly. |
85b51b7
into
derhansen/advisory-improvement-6954
|
Hi @derhansen! Thank you so much for contributing to the GitHub Advisory Database. This database is free, open, and accessible to all, and it's people like you who make it great. Thanks for choosing to help others. We hope you send in more contributions in the future! |
|
I merged the credit addition instead of closing the credit addition. 😳 @derhansen Are you OK with your name appearing as an |
Updates
Comments
The CVE has been disputed https://nvd.nist.gov/vuln/detail/CVE-2025-45769 and the advisory should be removed from the database.