CVE-2016-5429

Name of the Vulnerable Software and Affected Versions jose-php versions prior to 2.2.1

Description The issue makes it easier for remote attackers to obtain sensitive information via a timing attack. This is related to the files JWE.php and JWS.php, where the software does not use constant-time operations for HMAC comparison.

Recommendations For versions prior to 2.2.1, update to version 2.2.1 or later to resolve the issue.