Description

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Remediation

References

CVE-2019-17195

Related Vulnerabilities

e107 Credentials Management Errors Vulnerability (CVE-2013-7305)

Django Uncontrolled Resource Consumption Vulnerability (CVE-2019-14233)

Oracle Application Server Other Vulnerability (CVE-2002-0656)

MySQL CVE-2017-3463 Vulnerability (CVE-2017-3463)

Jetty Uncontrolled Resource Consumption Vulnerability (CVE-2021-28165)

Severity

Critical

Classification

CVE-2019-17195 CWE-754 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities