Skip to content

Commit

Permalink
Update CVE-2023-51774 with patch version for 1.15.3
Browse files Browse the repository at this point in the history 
See nov/json-jwt#121 and https://github.com/nov/json-jwt/commits/v1.15.3/ for the code
  • Loading branch information
@renchap @postmodern
renchap authored and postmodern committed Mar 7, 2024
1 parent 2626a46 commit f455e04
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions gems/json-jwt/CVE-2023-51774.yml
View file
Expand Up @@ -10,6 +10,7 @@ description: |
bypass of identity checks via a sign/encryption confusion attack.
For example, JWE can sometimes be used to bypass JSON::JWT.decode.
patched_versions:
- "~> 1.15.3, >= 1.15.3.1"
- ">= 1.16.6"
related:
url:
Expand Down

0 comments on commit f455e04

Please sign in to comment.