Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Remediation
References