11 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-51774
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...
SUSE CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
GHSA-C8V6-786G-VJX6 json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
UBUNTU-CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
The CVE-2023-51774 entry concerns the json-jwt (JSON::JWT) Ruby gem, with version 1.16.3 publicly reported as vulnerable to a sign/encryption confusion attack that can bypass identity checks (e.g., JSON::JWT.decode). The NVD entry confirms a high-severity impact (C/H/I/A) with local/low attack co...
CVE-2023-51774
The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...
CVE-2023-51774
Removed by vendor...