11 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-51774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...
openSUSE Security Advisory (openSUSE-SU-2025:0004-1)
The remote host is missing an update for the...
openSUSE 15 Security Update : rubygem-json-jwt (openSUSE-SU-2025:0004-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0004-1 advisory. - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes...
OPENSUSE-SU-2025:0004-1 Security update for rubygem-json-jwt
This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 (boo#1220727) - updated to version 1.11.0 - no changelog found - Fixes...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to json-jwt (CVE-2023-51774)
Summary: json-jwt is used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details: CVEID: CVE-2023-51774. DESCRIPTION: json-jwt could allow a remote attacker to bypass security restrictions, caused by a sign/encryption confusion attack. By sending a specially crafted...
SUSE CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
creationtimestamp | type | source
---|---|---
2024-02-29 10:11:58+00:00 | seen | https://t.me/ctinow/196440...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: ruby3.2-json-jwt, kube-fluentd-operator...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...
CVE-2023-51774
The CVE-2023-51774 entry concerns the json-jwt (JSON::JWT) Ruby gem, with version 1.16.3 publicly reported as vulnerable to a sign/encryption confusion attack that can bypass identity checks (e.g., JSON::JWT.decode). The NVD entry confirms a high-severity impact (C/H/I/A) with local/low attack co...