Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nov json-jwt 安全漏洞
Vulnerability Description
Nov json-jwt是一款基于Ruby的、包含了JSON Web Signature、JSON Web Encryption和JSON Web Key的软件包。 Nov json-jwt 0.5.0版本至1.9.4版本(不包含1.9.4版本)中加密JSON Web令牌(使用AES-GCM加密)的解密存在安全漏洞,该漏洞源于程序没有正确的验证加密签名。攻击者可利用该漏洞伪造身份验证标签。
CVSS Information
N/A
Vulnerability Type
N/A