json-jwt 1.16.6 added an explicit check to fix CVE-2023-51774.

postmodern · postmodern · commit b9044073701d · 2024-03-04T02:52:07.000-08:00
* nov/json-jwt@9c4d842
diff --git a/gems/json-jwt/CVE-2023-51774.yml b/gems/json-jwt/CVE-2023-51774.yml
@@ -9,7 +9,8 @@ description: |
   The json-jwt (aka JSON::JWT) gem versions 1.16.5 and below sometimes allows
   bypass of identity checks via a sign/encryption confusion attack.
   For example, JWE can sometimes be used to bypass JSON::JWT.decode.
-notes: Not patched yet
+patched_versions:
+  - ">= 1.16.6"
 related:
   url:
     - https://nvd.nist.gov/vuln/detail/CVE-2023-51774
