json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...Read Mo ...

Continue Reading
json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...Read More ...

Continue Reading
json-jwt allows bypass of identity checks via a sign/encryption confusion attack

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...Read More ...

Continue Reading
CVE-2023-51774

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass...Read More ...

Continue Reading
GHSA-J225-CVW7-QRX7 vulnerabilities

Vulnerabilities for packages:...Read More ...

Continue Reading
CVE-2023-52323 vulnerabilities

Vulnerabilities for packages:...Read More ...

Continue Reading
GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: py3-urllib3-1, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, jwt-tool, py3-tensorflow-serving-api,...Read More ...

Continue Reading
CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: py3-urllib3-1, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, jwt-tool, py3-tensorflow-serving-api,...Read More ...

Continue Reading

Back to Main

Subscribe for the latest news: