← Back

Json Jwt Project

json-jwt_project

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Json Jwt
json-jwt
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-51774
1Json Jwt Project
1Json Jwt
May 8, 2025
Feb 29, 2024
N/A· v4
8.4 HIGH· v3
N/A· v2
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.
CVE-2019-18848
2Debian
Json Jwt Project
2Debian Linux
Json Jwt
Nov 21, 2024
Nov 12, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVE-2018-1000539
1Json Jwt Project
1Json Jwt
Nov 21, 2024
Jun 26, 2018
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authe...Show more
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.Show less