Vulnerability Details CVE-2018-1000539
Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.8%
CVSS Severity
CVSS v3 Score 5.3
CVSS v2 Score 5.0
References
Products affected by CVE-2018-1000539
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.0
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.1
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.2
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.3
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.4
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.5
-
cpe:2.3:a:json-jwt_project:json-jwt:0.5.6
-
cpe:2.3:a:json-jwt_project:json-jwt:0.6.0
-
cpe:2.3:a:json-jwt_project:json-jwt:0.6.1
-
cpe:2.3:a:json-jwt_project:json-jwt:0.7.0
-
cpe:2.3:a:json-jwt_project:json-jwt:0.7.1
-
cpe:2.3:a:json-jwt_project:json-jwt:0.8.0
-
cpe:2.3:a:json-jwt_project:json-jwt:0.8.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.0.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.0.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.0.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.0.3
-
cpe:2.3:a:json-jwt_project:json-jwt:1.1.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.2.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.2.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.2.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.2.3
-
cpe:2.3:a:json-jwt_project:json-jwt:1.2.4
-
cpe:2.3:a:json-jwt_project:json-jwt:1.3.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.3.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.4.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.5.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.5.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.5.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.3
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.4
-
cpe:2.3:a:json-jwt_project:json-jwt:1.6.5
-
cpe:2.3:a:json-jwt_project:json-jwt:1.7.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.7.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.7.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.8.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.8.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.8.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.8.3
-
cpe:2.3:a:json-jwt_project:json-jwt:1.9.0
-
cpe:2.3:a:json-jwt_project:json-jwt:1.9.1
-
cpe:2.3:a:json-jwt_project:json-jwt:1.9.2
-
cpe:2.3:a:json-jwt_project:json-jwt:1.9.3