RubySec

Providing security resources for the Ruby community

CVE-2019-18848 (json-jwt): json-jwt improper input validation due to lack of element count when splitting string

ADVISORIES

GEM

json-jwt

SEVERITY

CVSS v3: 7.5

PATCHED VERSIONS

  • >= 1.11.0

DESCRIPTION

The json-jwt gem before 1.11.0 for Ruby lacks an element count during the splitting of a JWE string.