Lucene search
K

56 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.9 views

CVE-2019-18848

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string...

7.5CVSS6.8AI score0.01257EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2019-0742

Malware in sbrugna...

7.5CVSS7.4AI score0.01257EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-0296

Malware in sbrugna...

5.3CVSS5.2AI score0.00777EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2023-51774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...

8.4CVSS6.7AI score0.00233EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2019-18848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. CVE-2019-18848 Note that Nessus relies on the presence of t...

7.5CVSS7.2AI score0.01257EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/01/08 12:0 a.m.15 views

openSUSE 15 Security Update : rubygem-json-jwt (openSUSE-SU-2025:0004-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2025:0004-1 advisory. - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes...

8.4CVSS6.9AI score0.01257EPSS
Exploits1References7
OSV
OSV
added 2025/01/07 5:1 p.m.13 views

OPENSUSE-SU-2025:0004-1 Security update for rubygem-json-jwt

This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 boo1220727 - updated to version 1.11.0 - no changelog found - Fixes...

8.4CVSS6.9AI score0.01257EPSS
Exploits1References5
OPENSUSE Linux
OPENSUSE Linux
added 2025/01/07 12:0 a.m.9 views

Security update for rubygem-json-jwt (moderate)

openSUSE Security Update: Security update for rubygem-json-jwt Announcement ID: openSUSE-SU-2025:0004-1 Rating: moderate References: 1156649 1220727 Cross-References: CVE-2019-18848 CVE-2023-51774 Affected Products: openSUSE Backports SLE-15-SP5 An update that fixes two vulnerabilities is now...

8.4CVSS6.8AI score0.01257EPSS
Exploits1References2
IBM Security Bulletins
IBM Security Bulletins
added 2024/08/08 3:42 p.m.22 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to security bypass due to json-jwt ( CVE-2023-51774 )

Summary json-jwtis used by IBM Cloud Pak for Data as part of the platform. CVE-2023-51774. Vulnerability Details CVEID:CVE-2023-51774 DESCRIPTION: json-jwt could allow a remote attacker to bypass security restrictions, caused by a sign/encryption confusion attack. By sending a specially crafted...

8.4CVSS8.2AI score0.00233EPSS
Exploits1Affected Software1
SUSE CVE
SUSE CVE
added 2024/03/02 5:21 a.m.6 views

SUSE CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.9AI score0.00233EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2024/02/29 3:33 a.m.42 views

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.3AI score0.00233EPSS
Exploits1References8Affected Software1
OSV
OSV
added 2024/02/29 3:33 a.m.17 views

GHSA-C8V6-786G-VJX6 json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.9AI score0.00233EPSS
Exploits1References8
Wolfi
Wolfi
added 2024/02/29 3:33 a.m.15 views

GHSA-C8V6-786G-VJX6 vulnerabilities

Vulnerabilities for packages: ruby3.2-json-jwt, kube-fluentd-operator...

6.1AI score
Exploits0
NVD
NVD
added 2024/02/29 1:42 a.m.13 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.4AI score0.00233EPSS
Exploits1References1
Wolfi
Wolfi
added 2024/02/29 1:42 a.m.30 views

CVE-2023-51774 vulnerabilities

Vulnerabilities for packages: ruby3.2-json-jwt, kube-fluentd-operator...

8.4CVSS6.6AI score0.00233EPSS
Exploits1
Chainguard
Chainguard
added 2024/02/29 1:42 a.m.31 views

CVE-2023-51774 vulnerabilities

Vulnerabilities for packages: kube-fluentd-operator, ruby3.2-json-jwt...

8.4CVSS6.6AI score0.00233EPSS
Exploits1
UbuntuCve
UbuntuCve
added 2024/02/29 1:42 a.m.34 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.6AI score0.00233EPSS
Exploits1References2
Prion
Prion
added 2024/02/29 1:42 a.m.22 views

Design/Logic Flaw

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

7.1AI score0.00233EPSS
Exploits1References1
RubySec
RubySec
added 2024/02/29 12:0 a.m.30 views

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS7AI score0.00233EPSS
Exploits1References1Affected Software1
Snyk
Snyk
added 2023/12/25 10:44 p.m.2 views

Improper Verification of Cryptographic Signature

Overview json-jwt is a JSON Web Token and its family JSON Web Signature, JSON Web Encryption and JSON Web Key in Ruby. Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to a sign/encryption confusion attack via the JSON::JWT.decode function...

8.4CVSS6.9AI score0.00233EPSS
Exploits1References2
Rows per page
Query Builder