Skip to content

Commit

Permalink
bumping jose version to address potential vulnerability
Browse files Browse the repository at this point in the history
  • Loading branch information
@tymondesigns
tymondesigns committed Apr 7, 2015
1 parent 92bb9a1 commit 5970a49
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion composer.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@
"php": ">=5.4.0",
"illuminate/support": "~4.0",
"illuminate/http": "~4.0",
"namshi/jose": "2.0.*",
"namshi/jose": "2.2.*",
"nesbot/carbon": "~1.0"
},
"require-dev": {
Expand Down
2 changes: 1 addition & 1 deletion src/Providers/JWT/NamshiAdapter.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public function decode($token)
throw new TokenInvalidException('Could not decode token: ' . $e->getMessage());
}

if (! $jws->verify($this->secret)) {
if (! $jws->verify($this->secret, $this->algo)) {
throw new TokenInvalidException('Token Signature could not be verified.');
}

Expand Down

2 comments on commit 5970a49

@olso
Copy link

@olso olso commented on 5970a49 Apr 7, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How did you come up with the potential vulnerability?

@tymondesigns
Copy link
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It was highlited here https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/

Please sign in to comment.