VYPR
Moderate severityNVD Advisory· Published Dec 25, 2023· Updated Aug 26, 2024

CVE-2023-51774

CVE-2023-51774

Description

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
json-jwtRubyGems
>= 1.16.0, < 1.16.61.16.6
json-jwtRubyGems
< 1.15.3.11.15.3.1

Affected products

16

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.