Kelvinmo: >> Simplejwt >> 0.2.1 Security Vulnerabilities
SimpleJWT is a simple JSON web token library written in PHP. Prior to version 1.1.1, an unauthenticated attacker can perform a Denial of Service via JWE header tampering when PBES2 algorithms are used. Applications that call JWE::decrypt() on attacker-controlled JWEs using PBES2 algorithms are affected. This issue has been patched in version 1.1.1.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-03-20