3 matches found
CVE-2023-51774
The CVE-2023-51774 entry concerns the json-jwt (JSON::JWT) Ruby gem, with version 1.16.3 publicly reported as vulnerable to a sign/encryption confusion attack that can bypass identity checks (e.g., JSON::JWT.decode). The NVD entry confirms a high-severity impact (C/H/I/A) with local/low attack co...
CVE-2019-18848
CVE-2019-18848 affects the rubygem-json-jwt library for Ruby, where versions prior to 1.11.0 fail to enforce an element count when splitting a JWE string. This is documented across multiple advisories (Debian DLA-2390-1, openSUSE/SUSE advisories) indicating the issue and references to upgrading t...
CVE-2018-1000539
CVE-2018-1000539 affects the ruby-json-jwt gem (versions >=0.5.0 and