ruby-jwt v3.0.0.beta1 was discovered to contain weak encryption. NOTE: the Supplier's perspective is "keysize is not something that is enforced by this library. Currently more recent ver ...
Continue Reading
August 09, 2025
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of con ...
Continue Reading
August 09, 2025
Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact JWEs can be modified ...
Continue Reading
August 08, 2025
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of con ...
Continue Reading
August 08, 2025
No description is available for this CVE. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising e ...
Continue Reading
August 08, 2025
Overview The authentication tag of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. Impact JWEs can be modified ...
Continue Reading
August 08, 2025
Name of the Vulnerable Software and Affected Versions: ruby-jwt version 3.0.0.beta1 Description: ruby-jwt v3.0.0.beta1 contains weak encryption. The supplier notes that key size is not enforced by the ...
Continue Reading
August 08, 2025
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption (JWE) standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of con ...
Continue Reading
August 08, 2025
Back to Main
