Nimbus Jose+jwt@* Security Vulnerabilities and Issues — Nimbus Jose+jwt@* CVE List

Lucene search

Connect2idNimbus Jose+jwt*

3 matches found

CVE•added 2024/02/11 5:15 a.m.•6519 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

7.5CVSS6.3AI score0.00078EPSS

CVE•added 2019/10/15 2:15 p.m.•277 views

CVE-2019-17195

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

9.8CVSS9.2AI score0.1232EPSS

CVE•added 2025/07/11 3:16 a.m.•39 views

CVE-2025-53864

Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the J...

5.8CVSS7.1AI score0.00125EPSS