Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Remediation
References