56 matches found
CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
EUVD-2019-0742
Malware in sbrugna...
EUVD-2018-0296
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-51774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...
Linux Distros Unpatched Vulnerability : CVE-2019-18848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. CVE-2019-18848 Note that Nessus relies on the presence of t...
openSUSE 15 Security Update : rubygem-json-jwt (openSUSE-SU-2025:0004-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0004-1 advisory. - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes...
OPENSUSE-SU-2025:0004-1 Security update for rubygem-json-jwt
This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 boo1220727 - updated to version 1.11.0 - no changelog found - Fixes...
Security update for rubygem-json-jwt (moderate)
openSUSE Security Update: Security update for rubygem-json-jwt Announcement ID: openSUSE-SU-2025:0004-1 Rating: moderate References: 1156649 1220727 Cross-References: CVE-2019-18848 CVE-2023-51774 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes two vulnerabilities is now...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to json-jwt ( CVE-2023-51774 )
Summary json-jwtis used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details CVEID:CVE-2023-51774 DESCRIPTION: json-jwt could allow a remote attacker to bypass security restrictions, caused by a sign/encryption confusion attack. By sending a specially crafted...
SUSE CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
GHSA-C8V6-786G-VJX6 json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
GHSA-C8V6-786G-VJX6 vulnerabilities
Vulnerabilities for packages: ruby3.2-json-jwt, kube-fluentd-operator...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: ruby3.2-json-jwt, kube-fluentd-operator...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
Design/Logic Flaw
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
Improper Verification of Cryptographic Signature
Overview json-jwt is a JSON Web Token and its family JSON Web Signature, JSON Web Encryption and JSON Web Key in Ruby. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a sign/encryption confusion attack via the JSON::JWT.decode function...