Lucene search
K

11 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/03 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2023-51774

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes...

8.4CVSS6.6AI score0.00233EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2024/03/02 5:21 a.m.6 views

SUSE CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.9AI score0.00233EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2024/02/29 9:3 a.m.35 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

6.5CVSS6.4AI score0.00233EPSS
Exploits1References3
OSV
OSV
added 2024/02/29 3:33 a.m.17 views

GHSA-C8V6-786G-VJX6 json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem 1.16.x before 1.16.6, 1.15.x before 1.15.3.1 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.9AI score0.00233EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2024/02/29 1:42 a.m.3 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS5.8AI score0.00233EPSS
Exploits1References2
UbuntuCve
UbuntuCve
added 2024/02/29 1:42 a.m.34 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.6AI score0.00233EPSS
Exploits1References2
OSV
OSV
added 2024/02/29 1:42 a.m.4 views

UBUNTU-CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS5.8AI score0.00233EPSS
Exploits1References3
RubySec
RubySec
added 2024/02/29 12:0 a.m.30 views

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt aka JSON::JWT gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS7AI score0.00233EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/12/25 12:0 a.m.359 views

CVE-2023-51774

The CVE-2023-51774 entry concerns the json-jwt (JSON::JWT) Ruby gem, with version 1.16.3 publicly reported as vulnerable to a sign/encryption confusion attack that can bypass identity checks (e.g., JSON::JWT.decode). The NVD entry confirms a high-severity impact (C/H/I/A) with local/low attack co...

8.4CVSS6.4AI score0.00233EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/12/25 12:0 a.m.8 views

CVE-2023-51774

The json-jwt aka JSON::JWT gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode...

8.4CVSS6.6AI score0.00233EPSS
Exploits1References3
Debian CVE
Debian CVE
added 2023/12/25 12:0 a.m.22 views

CVE-2023-51774

Removed by vendor...

8.4CVSS7AI score0.00233EPSS
Exploits1
Rows per page
Query Builder