Page MenuHomePhabricator
Create Task
Maniphest T335288

CVE-2021-46743: firebase/php-jwt Key/algorithm type confusion
Closed, ResolvedPublicSecurity
Actions

Description

Found 1 security vulnerability advisory affecting 1 package:
+-------------------+----------------------------------------------------------------------------------+
| Package           | firebase/php-jwt                                                                 |
| CVE               | CVE-2021-46743                                                                   |
| Title             | Key/algorithm type confusion                                                     |
| URL               | https://github.com/advisories/GHSA-8xf4-w7qw-pjjw                                |
| Affected versions | <6.0.0                                                                           |
| Reported at       | 2022-03-30T00:00:00+00:00                                                        |
+-------------------+----------------------------------------------------------------------------------+

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46743

Need to upgrade >= 6.0.0

Details

SubjectRepoBranchLines +/-
Upgrading firebase/php-jwt (v5.5.1 => v6.4.0)mediawiki/vendormaster+937 -328
Customize query in gerrit

Related Objects
Search...

Event Timeline

Reedy created this task.Apr 24 2023, 1:36 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 24 2023, 1:36 PM
Reedy added a project: MediaWiki-Vendor.Apr 24 2023, 1:41 PM
Reedy updated the task description. (Show Details)
Reedy added a subtask: T318992: Update CheckUser for firebase/php-jwt >= 6.0.0.
Reedy added a subscriber: gerritbot.Apr 24 2023, 1:45 PM
gerritbot added a comment.Apr 24 2023, 1:49 PM

Change 911302 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/vendor@master] Upgrading firebase/php-jwt (v5.5.1 => v6.4.0)

https://gerrit.wikimedia.org/r/911302

gerritbot added a project: Patch-For-Review.Apr 24 2023, 1:49 PM
Reedy added subtasks: T335290: Update OAuth for firebase/php-jwt >= 6.0.0, T335291: Update ContentTranslation for firebase/php-jwt >= 6.0.0.Apr 24 2023, 1:54 PM
gerritbot added a comment.Apr 25 2023, 2:34 PM

Change 911302 merged by jenkins-bot:

[mediawiki/vendor@master] Upgrading firebase/php-jwt (v5.5.1 => v6.4.0)

https://gerrit.wikimedia.org/r/911302

sbassett changed the task status from Open to In Progress.May 2 2023, 4:49 PM
sbassett triaged this task as Medium priority.
sbassett moved this task from Incoming to In Progress on the Security-Team board.
sbassett added projects: SecTeam-Processed, Vuln-VulnComponent.
Reedy closed subtask T335290: Update OAuth for firebase/php-jwt >= 6.0.0 as Resolved.May 5 2023, 11:46 AM
Reedy closed subtask T335291: Update ContentTranslation for firebase/php-jwt >= 6.0.0 as Resolved.
Reedy closed this task as Resolved.Sep 25 2023, 10:28 PM
Reedy claimed this task.
Reedy changed the visibility from "Custom Policy" to "Public (No Login Required)".
Reedy changed the edit policy from "Custom Policy" to "All Users".
Maintenance_bot removed a project: Patch-For-Review.Sep 25 2023, 10:31 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL