GHSA SYNC: 1 brand new advisory

jasnow · postmodern · commit 43149b540b70 · 2025-08-08T10:26:18.000-07:00
diff --git a/gems/jwe/CVE-2025-54887.yml b/gems/jwe/CVE-2025-54887.yml
@@ -0,0 +1,46 @@
+---
+gem: jwe
+cve: 2025-54887
+ghsa: c7p4-hx26-pr73
+url: https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
+title: JWE is missing AES-GCM authentication tag validation in encrypted JWE
+date: 2025-08-07
+description: |
+  ### Overview
+
+  The authentication tag of encrypted JWEs can be brute forced,
+  which may result in loss of confidentiality for those JWEs and
+  provide ways to craft arbitrary JWEs.
+
+  ### Impact
+
+  - JWEs can be modified to decrypt to an arbitrary value
+  - JWEs can be decrypted by observing parsing differences
+  - The GCM internal
+    [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode)
+    can be recovered
+
+  ### Am I Affected?
+
+  You are affected by this vulnerability even if you do not
+  use an `AES-GCM` encryption algorithm for your JWEs.
+
+  ### Patches
+
+  The version 1.1.1 fixes the issue by adding the tag length check for the `AES-GCM` algorithm.
+
+  **Important:** As the [GHASH key](https://en.wikipedia.org/wiki/Galois/Counter_Mode)
+  could have leaked, you must rotate the encryption keys after
+  upgrading to version 1.1.1.
+
+  ### References
+
+  [Félix Charette talk at NorthSec 2025 about the issue](https://www.youtube.com/watch?v=9IT659uUXfs&t=15830s)
+cvss_v3: 9.1
+patched_versions:
+  - ">= 1.1.1"
+related:
+  url:
+    - https://github.com/jwt/ruby-jwe/security/advisories/GHSA-c7p4-hx26-pr73
+    - https://github.com/jwt/ruby-jwe/releases/tag/v1.1.1
+    - https://github.com/advisories/GHSA-c7p4-hx26-pr73
