Upstream information

CVE-2023-51774 at MITRE

Description

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1220727 [NEW]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Thu Feb 29 03:13:11 2024
CVE page last modified: Tue Mar 5 11:39:30 2024