CNNVD-202508-729 Information

CNNVD ID

CNNVD-202508-729

CVE-2025-54887

  • CNNVD Published: 2025-08-08

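Description (Chinese, translated)

JWE is an open-source Ruby JSON Web Encryption library from JSON Web Token. JWE 1.1.0 and earlier versions contain a security vulnerability that stems from the fact that the authentication tag of an encrypted JWE can be brute-forced, which may lead to a loss of confidentiality.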

Description (English)

JWE is an open-source Ruby library for JSON Web Encryption from JSON Web Token. JWE 1.1.0 and earlier versions contain a security vulnerability: the authentication tag of an encrypted JWE can be brute-forced, which could lead to a loss of confidentiality.

Hazard Level

Low

Vulnerability Type

Other

Affected Vendor

JSON Web Token

Published

2025-08-08

Last Modified

2026-02-24

References

  • https://github.com/jwt/ruby-jwe/commit/1e719d79ba3d7aadaa39a2f08c25df077a0f9ff1
  • https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
  • https://access.redhat.com/security/cve/cve-2025-54887

Patch

https://github.com/jwt/ruby-jwe/releases
