CVE-2023-51774 (json-jwt): json-jwt allows bypass of identity checks via a sign/encryption confusion attack

Ruby Security Advisory

The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows
bypass of identity checks via a sign/encryption confusion attack.
For example, JWE can sometimes be used to bypass JSON::JWT.decode.

READ MORE

Leave a Reply

Your email address will not be published. Required fields are marked *