VulnerableCode Package Details - pkg:gem/json-jwt@0.5.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-4zw4-nktv-afae Aliases: CVE-2019-18848 GHSA-cff7-6h4q-q5pj	JSON-jwt Gem lacked element count during splitting of JWE string	1.11.0 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-fjt3-bw5m-g3gx Aliases: CVE-2018-1000539 GHSA-mj4x-wcxf-hm8x	security update	1.9.4 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-s8ex-dtq7-qbdk Aliases: CVE-2023-51774 GHSA-c8v6-786g-vjx6	The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.	1.15.3.1 Affected by 0 other vulnerabilities. 1.16.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-4zw4-nktv-afae
Aliases:
CVE-2019-18848
GHSA-cff7-6h4q-q5pj

JSON-jwt Gem lacked element count during splitting of JWE string

1.11.0
Affected by 1 other vulnerability.

VCID-fjt3-bw5m-g3gx
Aliases:
CVE-2018-1000539
GHSA-mj4x-wcxf-hm8x

security update

1.9.4
Affected by 2 other vulnerabilities.

VCID-s8ex-dtq7-qbdk
Aliases:
CVE-2023-51774
GHSA-c8v6-786g-vjx6

The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode.

1.15.3.1
Affected by 0 other vulnerabilities.

1.16.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T09:24:26.196459+00:00	Ruby Importer	Affected by	VCID-s8ex-dtq7-qbdk	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json-jwt/CVE-2023-51774.yml	38.6.0
2026-06-12T19:22:01.018706+00:00	GitLab Importer	Affected by	VCID-s8ex-dtq7-qbdk	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/json-jwt/CVE-2023-51774.yml	38.6.0
2026-06-12T17:15:30.517378+00:00	GitLab Importer	Affected by	VCID-4zw4-nktv-afae	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/json-jwt/CVE-2019-18848.yml	38.6.0
2026-06-12T17:01:46.088415+00:00	GitLab Importer	Affected by	VCID-fjt3-bw5m-g3gx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/json-jwt/CVE-2018-1000539.yml	38.6.0
2026-06-12T03:51:55.492706+00:00	Ruby Importer	Affected by	VCID-fjt3-bw5m-g3gx	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/json-jwt/CVE-2018-1000539.yml	38.6.0
2026-06-11T20:24:11.209762+00:00	GHSA Importer	Affected by	VCID-fjt3-bw5m-g3gx	https://github.com/advisories/GHSA-mj4x-wcxf-hm8x	38.6.0