Closed Shoaib19 closed 6 months ago
Not according to bundle-audit:
```
ruby-advisory-db:
advisories: 877 advisories
last updated: 2024-03-02 13:38:12 -0800
commit: 973ee9391883d41454c48851116c774f1bfc78c8
Name: json-jwt
Version: 1.16.6
CVE: CVE-2023-51774
GHSA: GHSA-c8v6-786g-vjx6
Criticality: Unknown
URL: https://github.com/P3ngu1nW/CVE_Request/blob/main/novjson-jwt.md
Title: json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Solution: remove or disable this gem until a patch is available!
```
@nov Yeah, I see, but bundle audit is still producing the warning. CI runs it for verification; can you also fix that?
I have no idea how to fix that.
Has v1.16.6 been released? I don't see it in https://github.com/nov/json-jwt/releases
@annettemccullough here it is https://rubygems.org/gems/json-jwt/versions/1.16.6
I am getting the error. Is it resolved in 1.16.6?