pkg:gem/json-jwt
Type
gem
Name
json-jwt
Known advisories, vulnerabilities and fixes for json-jwt package.
- Repository
- https://rubygems.org/gems/json-jwt
High
2
Medium
1
Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
---|---|---|---|---|---|---|---|
Affected | < 1.9.4 = 0.5.1 |
CVE-2018-1000539
|
RUBYSEC:JSON-JWT-2018-1000539 | Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
Fixed | >= 1.9.4 |
CVE-2018-1000539
|
RUBYSEC:JSON-JWT-2018-1000539 | Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
Unaffected | < 0.5.1 |
CVE-2018-1000539
|
RUBYSEC:JSON-JWT-2018-1000539 | Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
Affected | < 1.11.0 |
CVE-2019-18848
|
RUBYSEC:JSON-JWT-2019-18848 | json-jwt improper input validation due to lack of element count when splitting string | high |
2019-11-14T00:00:00
(4 years ago) |
|
Fixed | >= 1.11.0 |
CVE-2019-18848
|
RUBYSEC:JSON-JWT-2019-18848 | json-jwt improper input validation due to lack of element count when splitting string | high |
2019-11-14T00:00:00
(4 years ago) |
|
Affected | < 1.15.3.1 < 1.16.6 |
CVE-2023-51774
|
RUBYSEC:JSON-JWT-2023-51774 | json-jwt allows bypass of identity checks via a sign/encryption confusion attack | high |
2024-02-29T00:00:00
(6 months ago) |
|
Fixed | = 1.15.3 >= 1.15.3.1 >= 1.16.6 |
CVE-2023-51774
|
RUBYSEC:JSON-JWT-2023-51774 | json-jwt allows bypass of identity checks via a sign/encryption confusion attack | high |
2024-02-29T00:00:00
(6 months ago) |