Описание
JSON-jwt Gem lacked element count during splitting of JWE string
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-18848
- https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
- https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json-jwt/CVE-2019-18848.yml
- https://lists.debian.org/debian-lts-announce/2020/10/msg00001.html
Пакеты
Наименование
json-jwt
rubygems
Затронутые версииВерсия исправления
< 1.11.0
1.11.0
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 6 лет назад
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVSS3: 7.5
nvd
около 6 лет назад
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVSS3: 7.5
debian
около 6 лет назад
The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...
