Search criteria
15 vulnerabilities found for nimbus_jose\+jwt by connect2id
FKIE_CVE-2023-52428
Vulnerability from fkie_nvd - Published: 2024-02-11 05:15 - Updated: 2024-11-21 08:39
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| connect2id | nimbus_jose\+jwt | * (before 9.37.2) | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B33B5D00-0BBE-409A-B453-E9124F17CF99",
"versionEndExcluding": "9.37.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component."
},
{
"lang": "es",
"value": "En Connect2id Nimbus JOSE+JWT anterior a 9.37.2, un atacante puede provocar una denegaci\u00f3n de servicio (consumo de recursos) a trav\u00e9s de un valor de encabezado JWE p2c grande (tambi\u00e9n conocido como recuento de iteraciones) para el componente PasswordBasedDecrypter (PBKDF2)."
}
],
"id": "CVE-2023-52428",
"lastModified": "2024-11-21T08:39:43.963",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-02-11T05:15:08.383",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"source": "cve@mitre.org",
"tags": [
"Product"
],
"url": "https://connect2id.com/products/nimbus-jose-jwt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
],
"url": "https://connect2id.com/products/nimbus-jose-jwt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-770"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2019-17195
Vulnerability from fkie_nvd - Published: 2019-10-15 14:15 - Updated: 2024-11-21 04:31
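Severity
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS 2.0: AV:N/AC:M/Au:N/C:P/I:P/A:P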
Summary
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| connect2id | nimbus_jose\+jwt | * (before 7.9) | |
| apache | hadoop | 3.2.1 | |
| oracle | communications_cloud_native_core_security_edge_protection_proxy | 1.7.0 | |
| oracle | communications_pricing_design_center | 12.0.0.3.0 | |
| oracle | data_integrator | 12.2.1.4.0 | |
| oracle | enterprise_manager_base_platform | 13.4.0.0 | |
| oracle | healthcare_data_repository | 8.1.0 | |
| oracle | insurance_policy_administration | * (11.0 through 11.3.1) | |
| oracle | jd_edwards_enterpriseone_orchestrator | * (through 9.2.5.3) | |
| oracle | jd_edwards_enterpriseone_tools | * (through 9.2.5.3) | |
| oracle | peoplesoft_enterprise_peopletools | 8.58 | |
| oracle | peoplesoft_enterprise_peopletools | 8.59 | |
| oracle | policy_automation | * (12.2.0 through 12.2.22) | |
| oracle | primavera_gateway | * (18.8.0 through 18.8.11) | |
| oracle | primavera_gateway | 19.12.0 | |
| oracle | solaris_cluster | 4.0 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9A6F74-1242-4469-A93A-868688427450",
"versionEndExcluding": "7.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*",
"matchCriteriaId": "B88C6164-4361-433D-9B88-3E039CC039AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
"versionEndIncluding": "11.3.1",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B2A0A4A6-70D3-418B-80EA-04718C50C500",
"versionEndIncluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922",
"versionEndIncluding": "9.2.5.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "225A30A4-90FD-4B3A-80C4-9871294C318E",
"versionEndIncluding": "12.2.22",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
"versionEndIncluding": "18.8.11",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B201A85E-1310-46B8-8A3B-FF7675F84E09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87A83709-4D38-4844-8928-0C2D6F2033BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
},
{
"lang": "es",
"value": "Connect2id Nimbus JOSE+JWT versiones anteriores a v7.9, puede arrojar varias excepciones no captadas al analizar un JWT, lo que podr\u00eda resultar en un bloqueo de la aplicaci\u00f3n (potencial divulgaci\u00f3n de informaci\u00f3n) o una posible omisi\u00f3n de autenticaci\u00f3n."
}
],
"id": "CVE-2019-17195",
"lastModified": "2024-11-21T04:31:50.293",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-15T14:15:12.380",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-755"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-12974
Vulnerability from fkie_nvd - Published: 2017-08-20 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D2BDED-6749-4862-9D2D-54D871BDC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7AD668-E307-4B4A-9BE8-E837DE4F717C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF9F006-8B1B-4448-8778-423A6A1F3DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7206DFE0-70A4-4E06-BE7F-D8FA8C62A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A91050A7-FAE4-4080-B53C-F77420CBF9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E63FFD-9C37-4AFD-843E-2ED4235EE399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC1A72-B7A1-42D3-BA3E-C009F041692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7891E427-B4D0-4E4A-9F5B-4A9122B72ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A76765-2D77-4C79-9E0E-B6A613835F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC445F4-0859-4287-A22F-361CB2F3D037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84BA3A10-0631-41B3-930E-D56A0AE6A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5B2D3A-EEF6-4147-A779-44E02AB395C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71010D0A-F4E0-4935-8809-F8E995BFA86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41465ADD-A6B9-4F80-80EF-B636997EA707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F8CA64-C93D-43E4-8EB4-3D4797008DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36364548-4CE5-467A-BA83-5E742AB2593C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46518146-4629-4ACD-B313-339BCB30F1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45973290-BB00-4376-A965-1A49CAC438E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1BAB53-F7B9-4D29-88AA-C661E7899CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0193A1C-E481-401C-B6EB-AC519FD26B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7B82D5-29EE-422D-B1E4-B3F6397307F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2848658B-357A-4DAF-9B03-ACFBC3FAF0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB464C1-DA4B-44ED-A412-810B9AA189E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "431AD7BC-0959-4FEB-955A-9D194224DFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063DCC0-C019-49B2-8FBC-3C6E002D271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58E19F-C057-45FD-AB6D-8E0B3C3435F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2634E6C8-BC82-4108-B56D-A54215D5CBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "848C9121-0AD9-48CC-AFEF-A31F31486F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "396692A2-8D0D-41FB-AC89-860113B5095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB27BDBF-0174-49F3-9E0B-763C3295ED5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43B070AE-3C83-45BA-BA17-23CF14C01BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "62E42F44-32C1-42C4-95AE-6B39CBE8215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B6591B-133D-4D26-975E-CB7BACAAAB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B43E0F8B-851B-47DE-9756-93B7F289C853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "899B28A8-9399-4D4A-A148-3D6A370235E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4503D-6395-419E-A114-B919C80C676C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38364B69-9544-4DFE-8005-257966E0A118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B2877D83-1126-40CF-B537-6A59E79B4432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A94B0B2A-D953-448E-895E-7B64EC527A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "48EA3A68-BB92-40C8-A499-3A355CC0C2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8918A7A3-0CBA-4CA2-9F6D-EA077747E004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4C686C25-7B32-4100-8A45-A74F71DBAE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "09D27567-5D24-4213-B02E-49F17F738D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "D22B26BE-378A-4A19-BF62-C88236D798D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "3184E5FE-9689-4036-84A5-96E368EFA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080D89F9-2CC0-44C7-A23D-268658708AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F362B31F-A7A0-4BEF-A51D-51A7E465486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E57CA1D-10EE-4C07-A67A-52B9AAA95335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F422D307-57B2-4FA5-814C-441E5C229159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96DA3D0D-7782-42DA-AAA2-DE44B2B67360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "978B4A23-8F2F-494C-957B-BCFD72FAD731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0985B2D-A96C-484A-B693-54C746024386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A722D35B-1B21-42BC-A408-7437C9CEC5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5F53D-F786-45C5-A3E6-D20501F6AE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F095DBDD-265E-4603-868E-8C4E3DCD5532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38CD047F-EFC2-47CE-A405-B107EEDCC46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "963A6125-A5D7-4113-83D6-2C3C88F241B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D46507-7624-446D-B75C-F1D2F9716EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D76BC618-1F55-4FCB-A97C-616AC36F3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F6912C07-AF3F-44F4-964C-419C5AC1C8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF903D4-539F-4AA6-A30E-52022F06B8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B7AA70-C87D-4900-8DD6-A522A47EDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7927D451-07DB-4414-99DB-80DD9598F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874C9354-4C0B-4F05-8B04-196ECFF983B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F309097C-98E3-467E-A1ED-92C25620F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72AA6D9F-DD84-42A8-88E5-FDF049722825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12957562-6B96-4482-A4DB-A08B396F3B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1B0E66-5556-4F95-9B65-EF7235A5F249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE57AC-021B-432D-AC88-5233E79CA3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EC2F3-E793-48A4-956A-B9E097ED4FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "10E92D26-7241-453C-A72B-134EAFE123C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB0A69F-E99A-4E9F-9533-3B0498CE0F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD474EC-34E4-480E-A6D6-E38AA45A024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5DC51A-99A4-4F80-A969-08CD423576EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A46F965D-BF09-4834-80B1-3BD43B5319AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F3776-7963-4FF2-8E14-8530F8DF5B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBB3337-A2BB-4795-8500-4A7DA2513B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "284AD842-9C1D-4B59-A265-55F86F4B6F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF725FA-FC45-45F4-8109-796CC0D56D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "085AA1DF-FB71-4663-BF34-E91180FC3822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "68601D0B-E05A-478F-AB8B-61432036DC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3F14BD-7BE0-42EE-A895-804DCAD108C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "561929A8-4D82-429E-908F-DECA493F3237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7261E1-4125-45C7-980D-256950A7B886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "86416AA0-CCD5-4780-8A41-724C7AAC9A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "247027A4-E5EA-4584-9A3E-8F62987123D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69E0DB99-22D1-4AE4-BD9F-78F55D19D400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB4D8B7-F73E-4B38-86A3-0656E6A2191F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "07686354-6652-4FFE-9BBC-905F8AD5632F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B77C8B71-BC12-4645-AB1C-893F28F07414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0C72D36D-2E37-446C-AE45-1433F2BF6449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "149B96B8-1DEB-4620-8C2D-D03A593D5ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3D07E-40B7-4730-A666-640FE212A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77A42AAD-E7BA-434C-816E-9C606AE66CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5095CB6A-7159-498D-9E0A-36245B7D7EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDA0B1-1B68-49CE-9AF2-FD8F62441317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "17270178-8541-412C-AE9D-7ADE694DB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6ECBB9-F71E-4E04-8C1E-349650DE2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AFDEAF-CD55-495A-9B12-F131FE454FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6A39BB9C-2183-45DA-8236-D31125B447BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D62612F6-5774-4EAA-ACC1-A837256163FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDB6684-DF68-4334-ADB4-484731DAEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "842555FA-61DC-40C1-AE26-319E10D63D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D15C6517-0B9B-4C36-BD34-80D7803FACCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BAF720-023A-4563-AD85-6CB70772A02F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation."
},
{
"lang": "es",
"value": "Nimbus JOSE+JWT en versiones anteriores a la 4.36 procede con la construcci\u00f3n ECKey sin asegurarse de que las coordenadas p\u00fablicas x e y est\u00e1n en la curva especificada. Esto permite que los atacantes lleven a cabo un ataque de curva no v\u00e1lida en entornos en los que el proveedor JCE no cuenta con la validaci\u00f3n de curva aplicable."
}
],
"id": "CVE-2017-12974",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-20T16:29:00.313",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-12973
Vulnerability from fkie_nvd - Published: 2017-08-20 16:29 - Updated: 2025-04-20 01:37
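Severity
3.1 (Low) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
4.3 (Medium) - AV:N/AC:M/Au:N/C:P/I:N/A:N (CVSS 2.0)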
Summary
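Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. The fix is in 4.39, so affected deployments should upgrade to that release or later; the upstream issue linked below is titled "aescbc-return-immediately-on-invalid-hmac", which suggests the patch makes decryption fail as soon as the HMAC check fails.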
References
| Source | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 | Patch, Third Party Advisory | |
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac | Third Party Advisory | |
| cve@mitre.org | https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt | Release Notes, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt | Release Notes, Third Party Advisory |
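Impacted products
Note: the CPE list below enumerates individual versions and has no entry for 4.36 (it goes from 4.35 to 4.36.1), although the summary covers every release before 4.39; tooling that matches on the enumerated CPEs alone may miss 4.36.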
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D2BDED-6749-4862-9D2D-54D871BDC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7AD668-E307-4B4A-9BE8-E837DE4F717C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF9F006-8B1B-4448-8778-423A6A1F3DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7206DFE0-70A4-4E06-BE7F-D8FA8C62A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A91050A7-FAE4-4080-B53C-F77420CBF9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E63FFD-9C37-4AFD-843E-2ED4235EE399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC1A72-B7A1-42D3-BA3E-C009F041692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7891E427-B4D0-4E4A-9F5B-4A9122B72ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A76765-2D77-4C79-9E0E-B6A613835F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC445F4-0859-4287-A22F-361CB2F3D037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84BA3A10-0631-41B3-930E-D56A0AE6A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5B2D3A-EEF6-4147-A779-44E02AB395C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71010D0A-F4E0-4935-8809-F8E995BFA86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41465ADD-A6B9-4F80-80EF-B636997EA707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F8CA64-C93D-43E4-8EB4-3D4797008DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36364548-4CE5-467A-BA83-5E742AB2593C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46518146-4629-4ACD-B313-339BCB30F1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45973290-BB00-4376-A965-1A49CAC438E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1BAB53-F7B9-4D29-88AA-C661E7899CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0193A1C-E481-401C-B6EB-AC519FD26B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7B82D5-29EE-422D-B1E4-B3F6397307F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2848658B-357A-4DAF-9B03-ACFBC3FAF0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB464C1-DA4B-44ED-A412-810B9AA189E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "431AD7BC-0959-4FEB-955A-9D194224DFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063DCC0-C019-49B2-8FBC-3C6E002D271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58E19F-C057-45FD-AB6D-8E0B3C3435F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2634E6C8-BC82-4108-B56D-A54215D5CBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "848C9121-0AD9-48CC-AFEF-A31F31486F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "396692A2-8D0D-41FB-AC89-860113B5095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB27BDBF-0174-49F3-9E0B-763C3295ED5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43B070AE-3C83-45BA-BA17-23CF14C01BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "62E42F44-32C1-42C4-95AE-6B39CBE8215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B6591B-133D-4D26-975E-CB7BACAAAB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B43E0F8B-851B-47DE-9756-93B7F289C853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "899B28A8-9399-4D4A-A148-3D6A370235E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4503D-6395-419E-A114-B919C80C676C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38364B69-9544-4DFE-8005-257966E0A118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B2877D83-1126-40CF-B537-6A59E79B4432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A94B0B2A-D953-448E-895E-7B64EC527A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "48EA3A68-BB92-40C8-A499-3A355CC0C2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8918A7A3-0CBA-4CA2-9F6D-EA077747E004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4C686C25-7B32-4100-8A45-A74F71DBAE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "09D27567-5D24-4213-B02E-49F17F738D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "D22B26BE-378A-4A19-BF62-C88236D798D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "3184E5FE-9689-4036-84A5-96E368EFA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080D89F9-2CC0-44C7-A23D-268658708AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F362B31F-A7A0-4BEF-A51D-51A7E465486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E57CA1D-10EE-4C07-A67A-52B9AAA95335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F422D307-57B2-4FA5-814C-441E5C229159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96DA3D0D-7782-42DA-AAA2-DE44B2B67360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "978B4A23-8F2F-494C-957B-BCFD72FAD731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0985B2D-A96C-484A-B693-54C746024386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A722D35B-1B21-42BC-A408-7437C9CEC5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5F53D-F786-45C5-A3E6-D20501F6AE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F095DBDD-265E-4603-868E-8C4E3DCD5532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38CD047F-EFC2-47CE-A405-B107EEDCC46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "963A6125-A5D7-4113-83D6-2C3C88F241B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D46507-7624-446D-B75C-F1D2F9716EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D76BC618-1F55-4FCB-A97C-616AC36F3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F6912C07-AF3F-44F4-964C-419C5AC1C8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF903D4-539F-4AA6-A30E-52022F06B8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B7AA70-C87D-4900-8DD6-A522A47EDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7927D451-07DB-4414-99DB-80DD9598F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874C9354-4C0B-4F05-8B04-196ECFF983B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F309097C-98E3-467E-A1ED-92C25620F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72AA6D9F-DD84-42A8-88E5-FDF049722825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12957562-6B96-4482-A4DB-A08B396F3B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1B0E66-5556-4F95-9B65-EF7235A5F249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE57AC-021B-432D-AC88-5233E79CA3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EC2F3-E793-48A4-956A-B9E097ED4FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "10E92D26-7241-453C-A72B-134EAFE123C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB0A69F-E99A-4E9F-9533-3B0498CE0F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD474EC-34E4-480E-A6D6-E38AA45A024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5DC51A-99A4-4F80-A969-08CD423576EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A46F965D-BF09-4834-80B1-3BD43B5319AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F3776-7963-4FF2-8E14-8530F8DF5B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBB3337-A2BB-4795-8500-4A7DA2513B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "284AD842-9C1D-4B59-A265-55F86F4B6F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF725FA-FC45-45F4-8109-796CC0D56D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "085AA1DF-FB71-4663-BF34-E91180FC3822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "68601D0B-E05A-478F-AB8B-61432036DC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3F14BD-7BE0-42EE-A895-804DCAD108C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "561929A8-4D82-429E-908F-DECA493F3237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7261E1-4125-45C7-980D-256950A7B886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "86416AA0-CCD5-4780-8A41-724C7AAC9A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "247027A4-E5EA-4584-9A3E-8F62987123D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69E0DB99-22D1-4AE4-BD9F-78F55D19D400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB4D8B7-F73E-4B38-86A3-0656E6A2191F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "07686354-6652-4FFE-9BBC-905F8AD5632F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B77C8B71-BC12-4645-AB1C-893F28F07414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0C72D36D-2E37-446C-AE45-1433F2BF6449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "149B96B8-1DEB-4620-8C2D-D03A593D5ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3D07E-40B7-4730-A666-640FE212A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77A42AAD-E7BA-434C-816E-9C606AE66CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5095CB6A-7159-498D-9E0A-36245B7D7EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDA0B1-1B68-49CE-9AF2-FD8F62441317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "17270178-8541-412C-AE9D-7ADE694DB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6ECBB9-F71E-4E04-8C1E-349650DE2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AFDEAF-CD55-495A-9B12-F131FE454FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6A39BB9C-2183-45DA-8236-D31125B447BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D62612F6-5774-4EAA-ACC1-A837256163FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDB6684-DF68-4334-ADB4-484731DAEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "842555FA-61DC-40C1-AE26-319E10D63D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D15C6517-0B9B-4C36-BD34-80D7803FACCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BAF720-023A-4563-AD85-6CB70772A02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1995BF-76DB-4DC9-8FBA-824D8C4793EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "CD399CAD-D6DB-4FED-B537-C857D40D0BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26AE6158-7F92-4873-A0E4-CC9701F6CA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
},
{
"lang": "es",
"value": "Nimbus JOSE+JWT en versiones anteriores a la 4.39 procede de forma inadecuada tras detectar un HMAC no v\u00e1lido en un descifrado AES-CBC, lo que permite que atacantes lleven a cabo un ataque padding oracle."
}
],
"id": "CVE-2017-12973",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-20T16:29:00.283",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-354"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-12972
Vulnerability from fkie_nvd - Published: 2017-08-20 16:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D2BDED-6749-4862-9D2D-54D871BDC8F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C7AD668-E307-4B4A-9BE8-E837DE4F717C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EAF9F006-8B1B-4448-8778-423A6A1F3DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9523DEE0-8CCF-49C4-B0DA-C9EF243D4B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7206DFE0-70A4-4E06-BE7F-D8FA8C62A094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A91050A7-FAE4-4080-B53C-F77420CBF9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E63FFD-9C37-4AFD-843E-2ED4235EE399",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "4DE00EFF-9045-4D30-AFA5-BFF0EDEF91B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AFC1A72-B7A1-42D3-BA3E-C009F041692D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "7891E427-B4D0-4E4A-9F5B-4A9122B72ED4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E3A76765-2D77-4C79-9E0E-B6A613835F51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEC445F4-0859-4287-A22F-361CB2F3D037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.11:*:*:*:*:*:*:*",
"matchCriteriaId": "84BA3A10-0631-41B3-930E-D56A0AE6A273",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "43E3F6F8-7EDD-4D5B-8805-41DDE054BEA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE3E9B7-C835-461E-ADD7-D45FBB5A71F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8A5B2D3A-EEF6-4147-A779-44E02AB395C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "71010D0A-F4E0-4935-8809-F8E995BFA86C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41465ADD-A6B9-4F80-80EF-B636997EA707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F8CA64-C93D-43E4-8EB4-3D4797008DF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "36364548-4CE5-467A-BA83-5E742AB2593C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "46518146-4629-4ACD-B313-339BCB30F1A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1C5455-5B5E-4BDE-8AA3-9F64A85912EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "45973290-BB00-4376-A965-1A49CAC438E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FE1BAB53-F7B9-4D29-88AA-C661E7899CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B0193A1C-E481-401C-B6EB-AC519FD26B67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CB7B82D5-29EE-422D-B1E4-B3F6397307F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "2848658B-357A-4DAF-9B03-ACFBC3FAF0EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1BB464C1-DA4B-44ED-A412-810B9AA189E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "431AD7BC-0959-4FEB-955A-9D194224DFB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063DCC0-C019-49B2-8FBC-3C6E002D271B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7A58E19F-C057-45FD-AB6D-8E0B3C3435F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2634E6C8-BC82-4108-B56D-A54215D5CBEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "848C9121-0AD9-48CC-AFEF-A31F31486F3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "396692A2-8D0D-41FB-AC89-860113B5095E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "02F670A4-E4E8-4FE9-8BDB-5FB9B87EA476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EB27BDBF-0174-49F3-9E0B-763C3295ED5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43B070AE-3C83-45BA-BA17-23CF14C01BA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "62E42F44-32C1-42C4-95AE-6B39CBE8215E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B6591B-133D-4D26-975E-CB7BACAAAB53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B43E0F8B-851B-47DE-9756-93B7F289C853",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18:*:*:*:*:*:*:*",
"matchCriteriaId": "899B28A8-9399-4D4A-A148-3D6A370235E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB4503D-6395-419E-A114-B919C80C676C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "38364B69-9544-4DFE-8005-257966E0A118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19:*:*:*:*:*:*:*",
"matchCriteriaId": "B2877D83-1126-40CF-B537-6A59E79B4432",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A94B0B2A-D953-448E-895E-7B64EC527A48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.20:*:*:*:*:*:*:*",
"matchCriteriaId": "9BF5F7D4-413D-4BB3-8E91-DA63B4A4EB49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7A5200FE-DB3C-4AA7-9A2C-E897B57B94C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22:*:*:*:*:*:*:*",
"matchCriteriaId": "48EA3A68-BB92-40C8-A499-3A355CC0C2BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.22.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8918A7A3-0CBA-4CA2-9F6D-EA077747E004",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.23:*:*:*:*:*:*:*",
"matchCriteriaId": "4C686C25-7B32-4100-8A45-A74F71DBAE58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.24:*:*:*:*:*:*:*",
"matchCriteriaId": "09D27567-5D24-4213-B02E-49F17F738D5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "D22B26BE-378A-4A19-BF62-C88236D798D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "3184E5FE-9689-4036-84A5-96E368EFA4CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:2.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "419FFF5B-29E7-44E1-9B24-6FB7C2FC2E3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "080D89F9-2CC0-44C7-A23D-268658708AA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F362B31F-A7A0-4BEF-A51D-51A7E465486D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6E57CA1D-10EE-4C07-A67A-52B9AAA95335",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F422D307-57B2-4FA5-814C-441E5C229159",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "96DA3D0D-7782-42DA-AAA2-DE44B2B67360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C5894378-A2F7-4BE0-8C31-D9B8CE98A7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "978B4A23-8F2F-494C-957B-BCFD72FAD731",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0985B2D-A96C-484A-B693-54C746024386",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A722D35B-1B21-42BC-A408-7437C9CEC5FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB5F53D-F786-45C5-A3E6-D20501F6AE41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F095DBDD-265E-4603-868E-8C4E3DCD5532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "38CD047F-EFC2-47CE-A405-B107EEDCC46C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "963A6125-A5D7-4113-83D6-2C3C88F241B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "41D46507-7624-446D-B75C-F1D2F9716EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D76BC618-1F55-4FCB-A97C-616AC36F3C58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "F6912C07-AF3F-44F4-964C-419C5AC1C8B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCF903D4-539F-4AA6-A30E-52022F06B8B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAE6CF55-5C3F-4FB1-BC85-68CF5B8C42F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "A1B7AA70-C87D-4900-8DD6-A522A47EDDF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7927D451-07DB-4414-99DB-80DD9598F2EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "874C9354-4C0B-4F05-8B04-196ECFF983B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F309097C-98E3-467E-A1ED-92C25620F54A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72AA6D9F-DD84-42A8-88E5-FDF049722825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "12957562-6B96-4482-A4DB-A08B396F3B65",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "231EE0FC-E5A8-4BB5-A913-36F2C0C0E3C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "750AAE75-42C4-4C0D-8F12-64DEB7A3C0E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "3C1B0E66-5556-4F95-9B65-EF7235A5F249",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99DE57AC-021B-432D-AC88-5233E79CA3E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D71EC2F3-E793-48A4-956A-B9E097ED4FF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "10E92D26-7241-453C-A72B-134EAFE123C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "427A87D9-5DFC-46BF-8CD2-E5EAF5B0E0D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8FB0A69F-E99A-4E9F-9533-3B0498CE0F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "BBD474EC-34E4-480E-A6D6-E38AA45A024E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7D5DC51A-99A4-4F80-A969-08CD423576EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A46F965D-BF09-4834-80B1-3BD43B5319AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3F3776-7963-4FF2-8E14-8530F8DF5B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "CEBB3337-A2BB-4795-8500-4A7DA2513B3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13:*:*:*:*:*:*:*",
"matchCriteriaId": "284AD842-9C1D-4B59-A265-55F86F4B6F36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4CF725FA-FC45-45F4-8109-796CC0D56D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.14:*:*:*:*:*:*:*",
"matchCriteriaId": "085AA1DF-FB71-4663-BF34-E91180FC3822",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15:*:*:*:*:*:*:*",
"matchCriteriaId": "68601D0B-E05A-478F-AB8B-61432036DC43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB3F14BD-7BE0-42EE-A895-804DCAD108C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16:*:*:*:*:*:*:*",
"matchCriteriaId": "561929A8-4D82-429E-908F-DECA493F3237",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EAD6C3B2-DFD4-4E4A-AB7E-C4CCA81431BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7261E1-4125-45C7-980D-256950A7B886",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.17:*:*:*:*:*:*:*",
"matchCriteriaId": "F27DFF6F-E3BD-4F1B-8E4A-3DB33F98EE94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.18:*:*:*:*:*:*:*",
"matchCriteriaId": "86416AA0-CCD5-4780-8A41-724C7AAC9A79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.19:*:*:*:*:*:*:*",
"matchCriteriaId": "247027A4-E5EA-4584-9A3E-8F62987123D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.20:*:*:*:*:*:*:*",
"matchCriteriaId": "69E0DB99-22D1-4AE4-BD9F-78F55D19D400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.21:*:*:*:*:*:*:*",
"matchCriteriaId": "7CB4D8B7-F73E-4B38-86A3-0656E6A2191F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "07686354-6652-4FFE-9BBC-905F8AD5632F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.23:*:*:*:*:*:*:*",
"matchCriteriaId": "B77C8B71-BC12-4645-AB1C-893F28F07414",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "0C72D36D-2E37-446C-AE45-1433F2BF6449",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.25:*:*:*:*:*:*:*",
"matchCriteriaId": "149B96B8-1DEB-4620-8C2D-D03A593D5ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26:*:*:*:*:*:*:*",
"matchCriteriaId": "62A3D07E-40B7-4730-A666-640FE212A964",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.26.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77A42AAD-E7BA-434C-816E-9C606AE66CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5095CB6A-7159-498D-9E0A-36245B7D7EB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.27.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4BFDA0B1-1B68-49CE-9AF2-FD8F62441317",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.28:*:*:*:*:*:*:*",
"matchCriteriaId": "17270178-8541-412C-AE9D-7ADE694DB39C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6ECBB9-F71E-4E04-8C1E-349650DE2F49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.30:*:*:*:*:*:*:*",
"matchCriteriaId": "D6AFDEAF-CD55-495A-9B12-F131FE454FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31:*:*:*:*:*:*:*",
"matchCriteriaId": "6A39BB9C-2183-45DA-8236-D31125B447BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.31.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D62612F6-5774-4EAA-ACC1-A837256163FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.32:*:*:*:*:*:*:*",
"matchCriteriaId": "5FDB6684-DF68-4334-ADB4-484731DAEE61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.33:*:*:*:*:*:*:*",
"matchCriteriaId": "842555FA-61DC-40C1-AE26-319E10D63D52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34:*:*:*:*:*:*:*",
"matchCriteriaId": "D15C6517-0B9B-4C36-BD34-80D7803FACCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6D632C03-C8BE-4C2F-AB6C-D3ED55869D8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.34.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C0A77CA-FF6D-44DB-9476-1DF4F473C3D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.35:*:*:*:*:*:*:*",
"matchCriteriaId": "F3BAF720-023A-4563-AD85-6CB70772A02F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.36.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B1995BF-76DB-4DC9-8FBA-824D8C4793EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37:*:*:*:*:*:*:*",
"matchCriteriaId": "CD399CAD-D6DB-4FED-B537-C857D40D0BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.37.1:*:*:*:*:*:*:*",
"matchCriteriaId": "26AE6158-7F92-4873-A0E4-CC9701F6CA14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:connect2id:nimbus_jose\\+jwt:4.38:*:*:*:*:*:*:*",
"matchCriteriaId": "FC3C9378-48D1-4BB1-86B6-C2EB1EE72D28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
},
{
"lang": "es",
"value": "En Nimbus JOSE+JWT en versiones anteriores a la 4.39 no hay comprobaci\u00f3n de desbordamiento de enteros al convertir valores de longitud de bytes a bits, lo que permite que atacantes lleven a cabo ataques de omisi\u00f3n HMAC mediante el cambio de Additional Authenticated Data (AAD) y texto cifrado. As\u00ed, se obtiene texto plano diferente a partir del mismo HMAC."
}
],
"id": "CVE-2017-12972",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-08-20T16:29:00.237",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-345"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-52428 (GCVE-0-2023-52428)
Vulnerability from cvelistv5 – Published: 2024-02-11 00:00 – Updated: 2024-10-30 19:50
Summary
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Severity ?
7.5 (High)
CWE
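- n/a in the CNA (mitre) container; the CISA-ADP container of this record assigns CWE-770 Allocation of Resources Without Limits or Throttling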
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:49:39.428104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:50:55.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"tags": [
"x_transferred"
],
"url": "https://connect2id.com/products/nimbus-jose-jwt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-11T04:43:14.335876",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"url": "https://connect2id.com/products/nimbus-jose-jwt"
},
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52428",
"datePublished": "2024-02-11T00:00:00",
"dateReserved": "2024-02-11T00:00:00",
"dateUpdated": "2024-10-30T19:50:55.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17195 (GCVE-0-2019-17195)
Vulnerability from cvelistv5 – Published: 2019-10-15 13:42 – Updated: 2024-08-05 01:33
Summary
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"name": "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
"refsource": "CONFIRM",
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17195",
"datePublished": "2019-10-15T13:42:34",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12973 (GCVE-0-2017-12973)
Vulnerability from cvelistv5 – Published: 2017-08-20 16:00 – Updated: 2024-09-17 01:37
Summary
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-20T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12973",
"datePublished": "2017-08-20T16:00:00Z",
"dateReserved": "2017-08-20T00:00:00Z",
"dateUpdated": "2024-09-17T01:37:10.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12972 (GCVE-0-2017-12972)
Vulnerability from cvelistv5 – Published: 2017-08-20 16:00 – Updated: 2024-08-05 18:51
Summary
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:06:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12972",
"datePublished": "2017-08-20T16:00:00",
"dateReserved": "2017-08-20T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12974 (GCVE-0-2017-12974)
Vulnerability from cvelistv5 – Published: 2017-08-20 16:00 – Updated: 2024-08-05 18:51
Summary
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:06:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12974",
"datePublished": "2017-08-20T16:00:00",
"dateReserved": "2017-08-20T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-52428 (GCVE-0-2023-52428)
Vulnerability from nvd – Published: 2024-02-11 00:00 – Updated: 2024-10-30 19:50
Summary
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Severity ?
7.5 (High)
CWE
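- n/a in the CNA record; the CISA-ADP container in the JSON below assigns CWE-770 (Allocation of Resources Without Limits or Throttling)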
Assigner
References
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-52428",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T19:49:39.428104Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770 Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T19:50:55.784Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:55:41.674Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"tags": [
"x_transferred"
],
"url": "https://connect2id.com/products/nimbus-jose-jwt"
},
{
"tags": [
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-11T04:43:14.335876",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/"
},
{
"url": "https://connect2id.com/products/nimbus-jose-jwt"
},
{
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-52428",
"datePublished": "2024-02-11T00:00:00",
"dateReserved": "2024-02-11T00:00:00",
"dateUpdated": "2024-10-30T19:50:55.784Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-17195 (GCVE-0-2019-17195)
Vulnerability from nvd – Published: 2019-10-15 13:42 – Updated: 2024-08-05 01:33
Summary
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:33:17.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:20:20",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-17195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
},
{
"name": "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
},
{
"name": "https://connect2id.com/blog/nimbus-jose-jwt-7-9",
"refsource": "CONFIRM",
"url": "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
},
{
"name": "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
},
{
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
},
{
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-17195",
"datePublished": "2019-10-15T13:42:34",
"dateReserved": "2019-10-05T00:00:00",
"dateUpdated": "2024-08-05T01:33:17.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12973 (GCVE-0-2017-12973)
Vulnerability from nvd – Published: 2017-08-20 16:00 – Updated: 2024-09-17 01:37
Summary
Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-20T16:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12973",
"datePublished": "2017-08-20T16:00:00Z",
"dateReserved": "2017-08-20T00:00:00Z",
"dateUpdated": "2024-09-17T01:37:10.150Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12972 (GCVE-0-2017-12972)
Vulnerability from nvd – Published: 2017-08-20 16:00 – Updated: 2024-08-05 18:51
Summary
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.371Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:06:58",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12972",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12972",
"datePublished": "2017-08-20T16:00:00",
"dateReserved": "2017-08-20T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.371Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12974 (GCVE-0-2017-12974)
Vulnerability from nvd – Published: 2017-08-20 16:00 – Updated: 2024-08-05 18:51
Summary
Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:51:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-08-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-16T01:06:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe%40%3Ccommits.druid.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt"
},
{
"name": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f",
"refsource": "CONFIRM",
"url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f"
},
{
"name": "[druid-commits] 20191115 [GitHub] [incubator-druid] ccaominh opened a new pull request #8878: Address security vulnerabilities",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12974",
"datePublished": "2017-08-20T16:00:00",
"dateReserved": "2017-08-20T00:00:00",
"dateUpdated": "2024-08-05T18:51:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}