7 matches found
EUVD-2022-4754
Malicious code in bioql PyPI...
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...
Input validation
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...
CVE-2017-12974
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...
CVE-2017-12974
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...
CVE-2017-12974
CVE-2017-12974 is a confirmed Nimbus JOSE+JWT vulnerability where ECKey construction proceeds without validating that public x/y coordinates lie on the specified curve, enabling an Invalid Curve Attack in environments lacking curve validation. Connected documents confirm this issue across multipl...
CVE-2017-12974
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation...