spec for CVE-2023-51774 mitigation

nov · Mar 6, 2024 · 22fce18 · 22fce18
1 parent fcc22b0
commit 22fce18
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/spec/json/jwt_spec.rb b/spec/json/jwt_spec.rb
@@ -504,6 +504,14 @@
         end
       end
     end
+
+    context 'when JWS & JWE can be mixed-up (CVE-2023-51774)' do
+      it do
+        expect do
+          JSON::JWT.decode 'header.encrypted_key.iv.cipher_text.authentication_tag', 'secret', nil, nil, true
+        end.to raise_error JSON::JWT::InvalidFormat
+      end
+    end
   end
 
   describe '.pretty_generate' do