Sha256: ea333793866f5b1aac595c3afd5689f33438aaef7656830d2e833cfcb36cc8de

Contents?: true

Size: 747 Bytes

Versions: 3

Compression:

Stored size: 747 Bytes

Contents

---
gem: json-jwt
cve: 2018-1000539
date: 2018-04-30
url: https://github.com/nov/json-jwt/pull/62
title: Auth tag forgery vulnerability with AES-GCM encrypted JWT
description: |
  Ruby's OpenSSL bindings do not check the length of the supplied
  authentication tag when decrypting an authenticated encryption mode
  such as AES-GCM, leaving it to the authors of a gem/app to implement
  that check in order to validate the message properly.

  json-jwt was not checking for the authentication tag length, meaning
  that with a one byte tag the JWT would be considered not tampered
  with. This means that with an average of 128 (max 256) attempts an
  attacker can forge a valid signature.

unaffected_versions:
  - "< 0.5.1"
patched_versions:
  - ">= 1.9.4"
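
The tag-length check the description says is left to the gem or app author, as an added example (not code from json-jwt or from this advisory). The function names, the `TagLengthError` class and the fixed 16-byte tag policy are assumptions made for illustration; the key, plaintext and header are constructed sample values.

```ruby
require "openssl"

# Assumed policy: only full 128-bit GCM tags are ever accepted.
GCM_TAG_BYTES = 16

class TagLengthError < StandardError; end

# Encrypt with AES-256-GCM; returns [iv, ciphertext, tag].
def gcm_encrypt(key, plaintext, aad)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = key
  iv = cipher.random_iv
  cipher.auth_data = aad
  ciphertext = cipher.update(plaintext) + cipher.final
  [iv, ciphertext, cipher.auth_tag(GCM_TAG_BYTES)]
end

# Decrypt, rejecting any tag that is not exactly GCM_TAG_BYTES long
# *before* it reaches OpenSSL, which compares only the bytes supplied.
def gcm_decrypt_checked(key, iv, ciphertext, tag, aad)
  unless tag.is_a?(String) && tag.bytesize == GCM_TAG_BYTES
    raise TagLengthError, "expected a #{GCM_TAG_BYTES}-byte authentication tag"
  end
  cipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  cipher.key = key
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad
  cipher.update(ciphertext) + cipher.final # final raises CipherError on a bad tag
end

# Map the three possible results to symbols so callers and logs can tell
# a malformed token (wrong tag length) from a failed authentication.
def decrypt_outcome(key, iv, ciphertext, tag, aad)
  gcm_decrypt_checked(key, iv, ciphertext, tag, aad)
  :ok
rescue TagLengthError
  :bad_tag_length
rescue OpenSSL::Cipher::CipherError
  :auth_failed
end

# Constructed sample input, not a real token.
sample_key = OpenSSL::Random.random_bytes(32)
sample_iv, sample_ct, sample_tag = gcm_encrypt(sample_key, "constructed payload", "constructed-header")
puts decrypt_outcome(sample_key, sample_iv, sample_ct, sample_tag, "constructed-header")
puts decrypt_outcome(sample_key, sample_iv, sample_ct, sample_tag[0, 1], "constructed-header")
```
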

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/json-jwt/CVE-2018-1000539.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/json-jwt/CVE-2018-1000539.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/json-jwt/CVE-2018-1000539.yml