diff --git a/advisories/github-reviewed/2026/06/GHSA-5739-39v2-5754/GHSA-5739-39v2-5754.json b/advisories/github-reviewed/2026/06/GHSA-5739-39v2-5754/GHSA-5739-39v2-5754.json index ea8b09cbd344f..e2a36727c6a20 100644 --- a/advisories/github-reviewed/2026/06/GHSA-5739-39v2-5754/GHSA-5739-39v2-5754.json +++ b/advisories/github-reviewed/2026/06/GHSA-5739-39v2-5754/GHSA-5739-39v2-5754.json @@ -1,7 +1,7 @@ { "schema_version": "1.4.0", "id": "GHSA-5739-39v2-5754", - "modified": "2026-06-18T21:09:57Z", + "modified": "2026-06-18T21:10:00Z", "published": "2026-06-18T21:09:56Z", "aliases": [], "summary": "PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle", @@ -45,7 +45,7 @@ "introduced": "0" }, { - "last_affected": "4.1.6" + "fixed": "3.4.10" } ] } @@ -88,6 +88,44 @@ ] } ] + }, + { + "package": { + "ecosystem": "Packagist", + "name": "web-token/jwt-framework" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.0.0" + }, + { + "fixed": "4.0.7" + } + ] + } + ] + }, + { + "package": { + "ecosystem": "Packagist", + "name": "web-token/jwt-framework" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "4.1.0" + }, + { + "fixed": "4.1.7" + } + ] + } + ] } ], "references": [