CVE-2019-18848

CVE-2019-18848

EPSS 1.3%

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0 https://lists.debian.org/debian-lts-announce/2020/10/msg00001.html