Fix ruby-jwt — CVE-2024-21979 HIGH
Fix CVE-2024-21979 (HIGH) in ruby-jwt for Ruby. Paste your Gemfile into PackageFix and get a patched version — no CLI, no signup. Algorithm confusion attack via none algorithm acceptance.
⚠ Vulnerability
CVE-2024-21979 (HIGH) — algorithm confusion attack via none algorithm acceptance in ruby-jwt versions below 2.8.1.
Vulnerable Version — Gemfile
gem 'jwt', '2.7.0'
Fixed Version — Gemfile
gem 'jwt', '2.8.1'
✓ Fix
Update ruby-jwt to 2.8.1 or later. Run bundle install to apply. Verify with your ecosystem's audit tool after updating.
CVE Details
| Field | Value |
|---|---|
| CVE ID | CVE-2024-21979 |
| Severity | HIGH |
| Package | ruby-jwt (Ruby) |
| Vulnerable versions | Below 2.8.1 |
| Safe version | 2.8.1 |
| CISA KEV | — |
| Description | Algorithm confusion attack via none algorithm acceptance |
Frequently Asked Questions
What is CVE-2024-21979?
CVE-2024-21979 is a HIGH severity vulnerability in ruby-jwt (Ruby). It allows an algorithm confusion attack through acceptance of the none algorithm. Update to version 2.8.1 or later to fix it.
How do I fix CVE-2024-21979 in ruby-jwt?
Update ruby-jwt to version 2.8.1 in your Gemfile. Run bundle install after updating to apply the fix.
Is CVE-2024-21979 being actively exploited?
Check the live CISA KEV catalog at packagefix.dev — PackageFix always reflects the current KEV status.
How do I check if I am affected by CVE-2024-21979?
Paste your Gemfile into PackageFix. If your installed version of ruby-jwt is below 2.8.1, you are affected. PackageFix shows the exact CVE ID and fix version.
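The same version check can be run locally against a Gemfile.lock, which records the jwt version Bundler actually resolved. This is an added example, not code from PackageFix or the ruby-jwt project; it uses the 2.8.1 threshold stated on this page, the lockfile text is constructed sample data, and the helper names are hypothetical.

```ruby
# Added example: flag a Gemfile.lock whose resolved jwt version is below
# the fixed release named on this page (2.8.1). Standard library only.
require "rubygems" # Gem::Version

FIXED = Gem::Version.new("2.8.1") # safe version stated on this page

# Constructed sample lockfile text (not from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      jwt (2.7.0)
      oauth2 (2.0.9)
        jwt (>= 1.0, < 3.0)
      rack (3.0.8)

  PLATFORMS
    ruby

  DEPENDENCIES
    jwt (= 2.7.0)
    oauth2
LOCK

# Return the resolved version of gem_name from lockfile text, or nil.
# Only 4-space-indented lines under "specs:" are resolved versions;
# deeper-indented lines are dependency constraints and are skipped.
def locked_version(lock_text, gem_name)
  in_specs = false
  lock_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section ends the specs block
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}(\S+) \(([^)]+)\)\s*\z/))
      # Drop any platform suffix such as "-x86_64-linux" before comparing.
      return Gem::Version.new(m[2].split("-").first) if m[1] == gem_name
    end
  end
  nil
end

# :affected when jwt is locked below FIXED, :ok otherwise, :not_present if absent.
def jwt_status(lock_text)
  v = locked_version(lock_text, "jwt")
  return :not_present if v.nil?
  v < FIXED ? :affected : :ok
end

puts "jwt: #{jwt_status(SAMPLE_LOCK)}" if __FILE__ == $PROGRAM_NAME
```

To check a real project, pass `File.read("Gemfile.lock")` to `jwt_status` in place of the sample text.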