Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1734)
Apache Tomcat Other Vulnerability (CVE-2003-0044)
WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Request Forgery (1.7.8)
WordPress Improper Authentication Vulnerability (CVE-2022-43504)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-2190)