Firebase · Firebase Php-Jwt · CVE-2021-46743
**Name of the Vulnerable Software and Affected Versions**
Firebase PHP-JWT versions prior to 6.0.0
**Description**
The issue is related to an algorithm-confusion problem, where an attacker can forge tokens that validate under the incorrect key when multiple types of keys are loaded in a key ring. This occurs via the `kid` (Key ID) header.
**Recommendations**
For versions prior to 6.0.0, update to version 6.0.0 or later to resolve the issue.