CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-18848
https://notcve.org/view.php?id=CVE-2019-18848
12 Nov 2019 — The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string. La gema json-jwt versiones anteriores a 1.11.0 para Ruby, carece de un conteo de elementos durante la división de una cadena JWE. • https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a • CWE-287: Improper Authentication •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-1000539 – Debian Security Advisory 4283-1
https://notcve.org/view.php?id=CVE-2018-1000539
26 Jun 2018 — Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later. Nov json-jwt, en versiones 0.5.0 hasta la 1.9.4 contiene una vulnerabilidad CWE-347: verificación incorrecta de firmas criptográficas en el descifra... • https://github.com/nov/json-jwt/pull/62 • CWE-347: Improper Verification of Cryptographic Signature •