7 matches found
Debian DSA-4283-1 : ruby-json-jwt - security update
It was discovered that ruby-json-jwt, a Ruby implementation of JSON web tokens performed insufficient validation of GCM auth tags. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-4283. The text itself is...
[SECURITY] [DSA 4283-1] ruby-json-jwt security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4283-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 31, 2018 https://www.debian.org/security/faq -...
CVE-2018-3768
CVE-2018-3768 is a rejected candidate; reference CVE-2018-1000539 instead.
CVE-2018-1000539
Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...
CVE-2018-1000539
Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...
CVE-2018-1000539
Nov json-jwt version = 0.5.0 && 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. Th...
CVE-2018-1000539
CVE-2018-1000539 affects the ruby-json-jwt gem (versions >=0.5.0 and