HIGH
Emarref
CVE published 2017-01-23
CVE-2016-7037
CVE-2016-7037 describes a signature-verification weakness in the jwt library’s symmetric verification path. The affected verify function in Encryption/Symmetric.php compares hashes without a timing-safe method, which can leak information through response timing and enable signature spoofing. NVD rates the issue HIGH, with network access, no privileges, and integrity impact as the primary concern.