{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T06:28:46.740","vulnerabilities":[{"cve":{"id":"CVE-2018-1000539","sourceIdentifier":"cve@mitre.org","published":"2018-06-26T16:29:02.163","lastModified":"2024-11-21T03:40:09.260","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nov json-jwt version >= 0.5.0 && < 1.9.4 contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability in Decryption of AES-GCM encrypted JSON Web Tokens that can result in Attacker can forge a authentication tag. This attack appear to be exploitable via network connectivity. This vulnerability appears to have been fixed in 1.9.4 and later."},{"lang":"es","value":"Nov json-jwt, en versiones 0.5.0 hasta la 1.9.4 contiene una vulnerabilidad CWE-347: verificación incorrecta de firmas criptográficas en el descifrado de tokens web JSON cifrados por AES-GCM que puede resultar en que un atacante falsifique una etiqueta de autenticación. Este ataque parece ser explotable mediante conectividad de red. La vulnerabilidad parece haber sido solucionada en las versiones 1.9.4 y siguientes."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-347"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:json-jwt_project:json-jwt:*:*:*:*:*:*:*:*","versionStartIncluding":"0.5.0","versionEndExcluding":"1.9.4","matchCriteriaId":"DE657A1B-79DE-4562-BB57-5C59DED272A7"}]}]}],"references":[{"url":"https://github.com/nov/json-jwt/pull/62","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4283","source":"cve@mitre.org"},{"url":"https://github.com/nov/json-jwt/pull/62","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://www.debian.org/security/2018/dsa-4283","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}