← Back to CVE List

CVE-2023-51774

Published: 2024-02-29T01:42Z
Last Modified: 2024-11-21T08:38Z
Source: MITRE CVE List
License: MITRE-CVE-TOS
The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt