pkg:gem/json-jwt
Type
gem
Name
json-jwt
Known advisories, vulnerabilities and fixes for json-jwt package.
- Repository
- https://rubygems.org/gems/json-jwt
High
2
Medium
1
| Type | Version | Distribution | # CVEs | # Advisory ID | Title | Severity | Published |
|---|---|---|---|---|---|---|---|
| Affected | < 1.9.4 = 0.5.1 |
CVE-2018-1000539
|
 RUBYSEC:JSON-JWT-2018-1000539
|
Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
| Fixed | >= 1.9.4 |
CVE-2018-1000539
|
RUBYSEC:JSON-JWT-2018-1000539
|
Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
| Unaffected | < 0.5.1 |
CVE-2018-1000539
|
RUBYSEC:JSON-JWT-2018-1000539
|
Auth tag forgery vulnerability with AES-GCM encrypted JWT | medium |
2018-04-30T00:00:00
(6 years ago) |
|
| Affected | < 1.11.0 |
CVE-2019-18848
|
RUBYSEC:JSON-JWT-2019-18848
|
json-jwt improper input validation due to lack of element count when splitting string | high |
2019-11-14T00:00:00
(4 years ago) |
|
| Fixed | >= 1.11.0 |
CVE-2019-18848
|
RUBYSEC:JSON-JWT-2019-18848
|
json-jwt improper input validation due to lack of element count when splitting string | high |
2019-11-14T00:00:00
(4 years ago) |
|
| Affected | < 1.15.3.1 < 1.16.6 |
CVE-2023-51774
|
RUBYSEC:JSON-JWT-2023-51774
|
json-jwt allows bypass of identity checks via a sign/encryption confusion attack | high |
2024-02-29T00:00:00
(6 months ago) |
|
| Fixed | = 1.15.3 >= 1.15.3.1 >= 1.16.6 |
CVE-2023-51774
|
RUBYSEC:JSON-JWT-2023-51774
|
json-jwt allows bypass of identity checks via a sign/encryption confusion attack | high |
2024-02-29T00:00:00
(6 months ago) |