Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
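One way for calling code to fail closed when the parser throws, shown as an added example that is not part of the original advisory or of the Nimbus project's code. The class name `FailClosedJwtValidator`, the sample secret and the sample inputs are hypothetical, and an HMAC-signed token is assumed.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Optional;

/** Hypothetical helper: every failure while handling a token means "not authenticated". */
public final class FailClosedJwtValidator {

    private final JWSVerifier verifier;

    public FailClosedJwtValidator(byte[] sharedSecret) throws JOSEException {
        // HMAC verifier; the library rejects secrets shorter than 256 bits.
        this.verifier = new MACVerifier(sharedSecret);
    }

    /** Returns claims only if parsing and signature verification both succeed. */
    public Optional<JWTClaimsSet> validate(String compactToken) {
        if (compactToken == null || compactToken.isEmpty()) {
            return Optional.empty();
        }
        try {
            SignedJWT jwt = SignedJWT.parse(compactToken);  // declares ParseException
            if (!jwt.verify(verifier)) {                    // declares JOSEException
                return Optional.empty();
            }
            // Expiry, issuer and audience checks are omitted here and still required.
            return Optional.of(jwt.getJWTClaimsSet());
        } catch (ParseException | JOSEException e) {
            return Optional.empty();
        } catch (RuntimeException e) {
            // Unchecked exceptions escaping the parser are the case the advisory
            // describes: treat them as a rejected token, never as a pass-through,
            // and log without echoing the token or a stack trace to the client.
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws JOSEException {
        // Constructed sample secret (32 bytes) and constructed malformed inputs.
        byte[] secret = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.UTF_8);
        FailClosedJwtValidator v = new FailClosedJwtValidator(secret);
        for (String token : new String[] {"", "not-a-jwt", "a.b.c"}) {
            System.out.println("[" + token + "] accepted=" + v.validate(token).isPresent());
        }
    }
}
```

The `Optional` return keeps the caller from reading an exception path as success: a request is authenticated only when a value is present.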
Remediation
References
Related Vulnerabilities
Dolibarr Improper Authentication Vulnerability (CVE-2020-7995)
MySQL CVE-2015-4807 Vulnerability (CVE-2015-4807)
WordPress Plugin GD bbPress Attachments Cross-Site Scripting (2.5)
WordPress Plugin JobSearch WP Job Board Cross-Site Scripting (1.5.4)
WordPress 'post.php' Cross-Site Scripting Vulnerability (1.5)