The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of
identity checks via a sign/encryption confusion attack. For example, JWE
can sometimes be used to bypass JSON::JWT.decode.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ruby-json-jwt | < any | UNKNOWN |
ubuntu | 23.10 | noarch | ruby-json-jwt | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ruby-json-jwt | < any | UNKNOWN |