High severityNVD Advisory· Published Nov 12, 2019· Updated Aug 5, 2024
CVE-2019-18848
CVE-2019-18848
Description
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
json-jwtRubyGems | < 1.11.0 | 1.11.0 |
Affected products
6- Ruby/json-jwt gemdescription
- ghsa-coords5 versionspkg:gem/json-jwtpkg:rpm/opensuse/rubygem-aes_key_wrap&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/rubygem-json-jwt&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/rubygem-aes_key_wrap&distro=SUSE%20Package%20Hub%2015%20SP5pkg:rpm/suse/rubygem-json-jwt&distro=SUSE%20Package%20Hub%2015%20SP5
< 1.11.0+ 4 more
- (no CPE)range: < 1.11.0
- (no CPE)range: < 1.1.0-bp155.2.1
- (no CPE)range: < 1.16.6-bp155.3.3.1
- (no CPE)range: < 1.1.0-bp155.2.1
- (no CPE)range: < 1.16.6-bp155.3.3.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-cff7-6h4q-q5pjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-18848ghsaADVISORY
- github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948aghsax_refsource_MISCWEB
- github.com/nov/json-jwt/compare/v1.10.2...v1.11.0ghsax_refsource_MISCWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/json-jwt/CVE-2019-18848.ymlghsaWEB
- lists.debian.org/debian-lts-announce/2020/10/msg00001.htmlghsamailing-listx_refsource_MLISTWEB
News mentions
0No linked articles in our index yet.