CVE-2023-51774

Опубликовано: 29 фев. 2024

Источник: ubuntu

Приоритет: medium

CVSS3: 8.4

Описание

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

Релиз	Статус	Примечание
bionic	ignored	end of standard support
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
lunar	ignored	end of life, was needs-triage
mantic	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

8.4 High

CVSS3

Связанные уязвимости

CVE-2023-51774

CVSS3: 6.5

redhat

почти 2 года назад

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

CVE-2023-51774

CVSS3: 8.4

nvd

почти 2 года назад

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

CVE-2023-51774

CVSS3: 8.4

debian

почти 2 года назад

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypa ...

GHSA-c8v6-786g-vjx6

github

почти 2 года назад

json-jwt allows bypass of identity checks via a sign/encryption confusion attack

openSUSE-SU-2025:0004-1

suse-cvrf

около 1 года назад

Security update for rubygem-json-jwt

8.4 High

CVSS3

CVE-2023-51774

Описание

Пакет ruby-json-jwt

Ссылки на источники

Связанные уязвимости