Candidate: CVE-2019-18848
PublicDate: 2019-11-12 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18848
 https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
 https://github.com/nov/json-jwt/compare/v1.10.2...v1.11.0
Description:
 The json-jwt gem before 1.11.0 for Ruby lacks an element count during the
 splitting of a JWE string.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_ruby-json-jwt:
upstream_ruby-json-jwt: released (1.11.0-1)
precise/esm_ruby-json-jwt: DNE
trusty_ruby-json-jwt: ignored (out of standard support)
trusty/esm_ruby-json-jwt: DNE
xenial_ruby-json-jwt: DNE
bionic_ruby-json-jwt: needed
disco_ruby-json-jwt: ignored (reached end-of-life)
eoan_ruby-json-jwt: ignored (reached end-of-life)
focal_ruby-json-jwt: not-affected (1.11.0-1)
groovy_ruby-json-jwt: not-affected (1.11.0-1)
hirsute_ruby-json-jwt: not-affected (1.11.0-1)
impish_ruby-json-jwt: not-affected (1.11.0-1)
jammy_ruby-json-jwt: not-affected (1.11.0-1)
devel_ruby-json-jwt: not-affected (1.11.0-1)