{"affected":[{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"rubygem-aes_key_wrap","purl":"pkg:rpm/suse/rubygem-aes_key_wrap&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.0-bp155.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"rubygem-json-jwt","purl":"pkg:rpm/suse/rubygem-json-jwt&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.6-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"rubygem-aes_key_wrap","purl":"pkg:rpm/opensuse/rubygem-aes_key_wrap&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.1.0-bp155.2.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"ruby2.5-rubygem-aes_key_wrap":"1.1.0-bp155.2.1","ruby2.5-rubygem-aes_key_wrap-doc":"1.1.0-bp155.2.1","ruby2.5-rubygem-json-jwt":"1.16.6-bp155.3.3.1","ruby2.5-rubygem-json-jwt-doc":"1.16.6-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"rubygem-json-jwt","purl":"pkg:rpm/opensuse/rubygem-json-jwt&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.16.6-bp155.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for rubygem-json-jwt fixes the following issues:\n\n- New upstream release 1.16.6, see bundled CHANGELOG.md\n\n- Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109\n- Fixes CVE-2023-51774 boo#1220727\n\n- updated to version 1.11.0\n  - no changelog found\n  - Fixes CVE-2019-18848 boo#1156649 \n\n","id":"openSUSE-SU-2025:0004-1","modified":"2025-01-07T17:01:48Z","published":"2025-01-07T17:01:48Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FICWL2K7EGMUBVQ6CHEQYANYFEU4XBG4/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1156649"},{"type":"REPORT","url":"https://bugzilla.suse.com/1220727"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-18848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-51774"}],"related":["CVE-2019-18848","CVE-2023-51774"],"summary":"Security update for rubygem-json-jwt","upstream":["CVE-2019-18848","CVE-2023-51774"]}