Dependency json-jwt allows bypass of identity checks via a sign/encryption confusion attack (CVE-2023-51774) #99
Description
Issue
The gem rack-oauth2 has json-jwt >= 1.11.0 as dependency which is vulnerable to CVE-2023-51774 (see GHSA-c8v6-786g-vjx6).
Patched versions are 1.16.6 and 1.15.3.1.
Temporary fix
Add gem 'json-jwt', '>= 1.16.6' to your gemfile to ensure the patched gem version.