56 matches found
CVE-2019-18848
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...
EUVD-2019-0742
Malware in sbrugna...
EUVD-2018-0296
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-51774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...
Linux Distros Unpatched Vulnerability : CVE-2019-18848
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. CVE-2019-18848 Note that Nessus relies on the presence of t...
openSUSE 15 Security Update : rubygem-json-jwt (openSUSE-SU-2025:0004-1)
The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0004-1 advisory. - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes...
OPENSUSE-SU-2025:0004-1 Security update for rubygem-json-jwt
This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 boo1220727 - updated to version 1.11.0 - no changelog found - Fixes...
Security update for rubygem-json-jwt (moderate)
openSUSE Security Update: Security update for rubygem-json-jwt Announcement ID: openSUSE-SU-2025:0004-1 Rating: moderate References: 1156649 1220727 Cross-References: CVE-2019-18848 CVE-2023-51774 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes two vulnerabilities is now...
Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to json-jwt ( CVE-2023-51774 )
Summary json-jwtis used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details CVEID:CVE-2023-51774 DESCRIPTION: json-jwt could allow a remote attacker to bypass security restrictions, caused by a sign/encryption confusion attack. By sending a specially crafted...
SUSE CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
GHSA-C8V6-786G-VJX6 json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
GHSA-C8V6-786G-VJX6 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...
CVE-2023-51774 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
Design/Logic Flaw
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...