Lucene search
Ubuntu.comUB:CVE-2023-51774HistoryFeb 29, 2024 - 12:00 a.m.
CVE-2023-51774
2024-02-2900:00:00
ubuntu.com
ubuntu.com
12
security vulnerability
json-jwt
ruby
identity check bypass
sign/encryption confusion attack
jwe
bug fix
github
issue
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of
identity checks via a sign/encryption confusion attack. For example, JWE
can sometimes be used to bypass JSON::JWT.decode.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | ruby-json-jwt | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
Related
prion
prion
Design/Logic Flaw
2024-02-29 01:42:00
cve
cve
CVE-2023-51774
2024-02-29 01:42:05
github
github
osv
osv
cvelist
cvelist
CVE-2023-51774
2023-12-25 00:00:00
cgr
cgr
CVE-2023-51774 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-51774 vulnerabilities
2024-05-19 21:07:17
redhatcve
redhatcve
CVE-2023-51774
2024-02-29 09:03:09
debiancve
debiancve
CVE-2023-51774
2024-02-29 01:42:05