CVE-2015-2951 Information

Description

JWT.php in F21 JWT before 2.0 allows remote attackers to bypass signature verification via crafted tokens.

Reference

http://jvn.jp/en/jp/JVN06120222/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2015-000073 http://www.securityfocus.com/bid/75021 https://github.com/F21/jwt/commit/a327cf9052df8f9f97728ca0b5fa78a8231b79b6