Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| json-jwt(RubyGems) | 0.5.1 | 1.9.4 | N/A |
CVSS Metrics
