Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Package Hub 15 SP5 package rubygem-json-jwt, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (2)
CVE-2023-51774 — CVSS 8.4 (high): The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For…
CVE-2019-18848 — CVSS 7.5 (high): The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.