Skip to main content

Json Jwt

2 CVEs product

Monthly

CVE-2019-18848 Ruby HIGH PATCH This Week

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Json Jwt Debian Linux
NVD GitHub
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-1000539 Ruby MEDIUM PATCH This Month

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Json Jwt
NVD GitHub
CVSS 3.0
5.3
EPSS
0.8%
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Json Jwt Debian Linux
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM PATCH This Month

Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Jwt Attack Information Disclosure Json Jwt
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy