Connect2id Nimbus_jose+jwt
5 CVEs affecting Connect2id Nimbus_jose+jwt. Latest disclosed: 2024-02-11. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2019-17195 | Critical | 9.8 | 2019-10-15 | Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential informa… |
| CVE-2023-52428 | High | 7.5 | 2024-02-11 | In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration c… |
| CVE-2017-12974 | High | 7.5 | 2017-08-20 | Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows atta… |
| CVE-2017-12972 | High | 7.5 | 2017-08-20 | In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC byp… |
| CVE-2017-12973 | Low | 3.1 | 2017-08-20 | Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a pad… |