Description
The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.
References (3)
Core References
Patch x_refsource_misc
https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
Patch x_refsource_misc
https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00001.html
Scores
CVSS v3
7.5
EPSS
0.0021
EPSS Percentile
42.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-287
Status
published
Products (3)
debian/debian_linux
9.0
json-jwt_project/json-jwt
< 1.11.0
rubygems/json-jwt
0 - 1.11.0 (RubyGems)
Published
Nov 12, 2019
Tracked Since
Feb 18, 2026