CVE-2019-18848

CVE-2019-18848

EPSS 1.3%

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0 https://lists.debian.org/debian-lts-announce/2020/10/msg00001.html