Lucene search
GoogleOSV:GHSA-MJ4X-WCXF-HM8XHistoryJul 31, 2018 - 6:13 p.m.
Json-jwt did not verify the cryptographic signature for data
2018-07-3118:13:51
Google
osv.dev
4
0.001 Low
EPSS
Percentile
41.0%
The json-jwt rubygem version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
Related
cvelist
cvelist
CVE-2018-1000539
2018-06-26 16:00:00
prion
prion
Design/Logic Flaw
2018-06-26 16:29:00
osv
osv
CVE-2018-1000539
2018-06-26 16:29:00
ruby-json-jwt - security update
2018-08-31 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4283-1)
2018-08-30 00:00:00
cve
cve
CVE-2018-1000539
2018-06-26 16:29:02
CVE-2018-3768
2018-07-05 16:29:00
nessus
nessus
Debian DSA-4283-1 : ruby-json-jwt - security update
2018-09-04 00:00:00
debian
debian
[SECURITY] [DSA 4283-1] ruby-json-jwt security update
2018-08-31 21:55:21
veracode
veracode
Authentication Bypass
2018-05-21 03:00:08
github
github
Json-jwt did not verify the cryptographic signature for data
2018-07-31 18:13:51
ubuntucve
ubuntucve
CVE-2018-1000539
2018-06-26 00:00:00
nvd
nvd
CVE-2018-1000539
2018-06-26 16:29:02
CVE-2018-3768
2018-07-05 16:29:00
debiancve
debiancve
CVE-2018-1000539
2018-06-26 16:29:02