Fix Firebase PHP-JWT — CVE-2021-46743 CRITICAL
Fix CVE-2021-46743 (CRITICAL) in Firebase PHP-JWT for PHP. Paste your composer.json into PackageFix and get a patched version — no CLI, no signup. Algorithm confusion allowing none algorithm acceptance.
⚠ Vulnerability
CVE-2021-46743 (CRITICAL) — algorithm confusion allowing none algorithm acceptance in Firebase PHP-JWT below ^6.10.
Vulnerable — composer.json
"firebase/php-jwt": "^5.4"
Fixed — composer.json
"firebase/php-jwt": "^6.10"
✓ Fix
Update Firebase PHP-JWT to ^6.10 and run composer install.
Paste your manifest — get back a fixed version with all CVEs patched in seconds.
Open PackageFix →No signup · No CLI · No GitHub connection · Runs 100% in your browser
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2021-46743 |
| Severity | CRITICAL |
| Package | Firebase PHP-JWT (PHP) |
| Safe version | ^6.10 |
| CISA KEV | — |
| Description | Algorithm confusion allowing none algorithm acceptance |
Frequently Asked Questions
What is CVE-2021-46743?
CVE-2021-46743 is a CRITICAL severity vulnerability in Firebase PHP-JWT (PHP) that allows algorithm confusion allowing none algorithm acceptance. Update to ^6.10 or later.
How do I fix CVE-2021-46743 in Firebase PHP-JWT?
Update Firebase PHP-JWT to version ^6.10 in your composer.json and run composer install.
Is CVE-2021-46743 being actively exploited?
Check packagefix.dev — the CISA KEV catalog updates daily.
How do I verify the fix for CVE-2021-46743?
After updating, paste your composer.json into PackageFix again. If CVE-2021-46743 no longer appears in the CVE table, the fix is applied.