Nimbus Jose+jwt@* Security Vulnerabilities and Issues — Nimbus Jose+jwt@* CVE List

Lucene search

Connect2idNimbus Jose+jwt*

2 matches found

CVE•added 2024/02/11 5:15 a.m.•6569 views

CVE-2023-52428

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

7.5CVSS6.3AI score0.00078EPSS

CVE•added 2019/10/15 2:15 p.m.•294 views

CVE-2019-17195

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

9.8CVSS9.2AI score0.11339EPSS