Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service
Summary: Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. Following IBM® Engineering Lifecycle Management product is...
Linux Distros Unpatched Vulnerability : CVE-2025-53864
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Connect2id Nimbus JOSE + JWT 10.0.x before 10.0.2 and 9.37.x before 9.37.4 allows a remote attacker to cause a denial of service via a deeply nested JSON object...
com.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT
A denial of service flaw has been discovered in Connect2id Nimbus JOSE + JWT. This issue can allow a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set...
nimbus-jose-jwt: large JWE p2c header value causes Denial of Service
A vulnerability was found in the Nimbus Jose JWT package. By crafting a JWE with an excessively large p2c value, an attacker can trigger significant resource consumption during decryption, potentially leading to application slowdown or unavailability...
Connect2id Nimbus JOSE+JWT Security Vulnerability
Connect2id Nimbus JOSE+JWT is a Java-based open source JSON Web Token (JWT) implementation from Connect2id. A security vulnerability exists in Connect2id Nimbus JOSE+JWT versions prior to 9.37.2 that stems from an attacker being able to cause a denial of service via a header value...
PT-2024-3099 · Atlassian +1 · Confluence Data Center/Server +4
Name of the Vulnerable Software and Affected Versions: Connect2id Nimbus JOSE+JWT versions prior to 9.37.2; Confluence Data Center and Server versions prior to 7.19.23; Confluence Data Center and Server versions prior to 8.5.11; Confluence Data Center and Server versions prior to 8.6.2; Confluence Da...
Vulnerability in the HMAC component of the Nimbus JOSE + JWT Java library that allows attackers to disclose protected information
The vulnerability in the HMAC component of the Nimbus JOSE + JWT Java library is related to a lack of integrity checks. Exploiting this vulnerability could allow a remote attacker to disclose protected information...
Nimbus JOSE+JWT Security Bypass Vulnerability
Nimbus JOSE+JWT is an open source Java library. Nimbus JOSE+JWT fails to perform integer overflow detection, allowing remote attackers to perform HMAC bypass attacks by sniffing AAD and ciphertext...
Nimbus JOSE+JWT Invalid Curve Attack Information Disclosure Vulnerability
Nimbus JOSE+JWT is an open source Java library. A security vulnerability exists in Nimbus JOSE+JWT that allows attackers to submit specially crafted requests, perform Invalid Curve attacks, and obtain sensitive information...