Json-jwt Project Json-jwt — known CVE vulnerabilities
Every CVE whose affected-product data names Json-jwt Project Json-jwt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2023-51774 — CVSS 8.4 (high): The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For…
CVE-2019-18848 — CVSS 7.5 (high): The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
CVE-2018-1000539 — CVSS 5.3 (medium): Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption…