json-jwt allows bypass of identity checks via a sign/encryption confusion attack

2024-02-2821:00:00

RubySec

rubysec.com

json-jwt gem

identity checks

bypass

sign/encryption confusion

jwe

vulnerability

7 High

AI Score

Confidence

Low

JSON

The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows
bypass of identity checks via a sign/encryption confusion attack.
For example, JWE can sometimes be used to bypass JSON::JWT.decode.

CPENameOperatorVersion
json-jwtle1.15.3.0
json-jwtge1.15.4.0
json-jwtlt1.16.6

Name	Operator	Version
json-jwt	le	1.15.3.0
json-jwt	ge	1.15.4.0
json-jwt	lt	1.16.6

References

github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md

7 High

AI Score

Confidence

Low

JSON