Skip to main content

Nimbus Jose Jwt

4 CVEs product

Monthly

CVE-2019-17195 Maven CRITICAL PATCH Act Now

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Nimbus Jose Jwt Hadoop Communications Cloud Native Core Security Edge Protection Proxy +12
NVD
CVSS 3.1
9.8
EPSS
11.0%
CVE-2017-12974 Maven HIGH PATCH This Week

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Nimbus Jose Jwt
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2017-12973 Maven LOW PATCH Monitor

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Nimbus Jose Jwt
NVD
CVSS 3.0
3.1
EPSS
0.2%
CVE-2017-12972 Maven HIGH PATCH This Week

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Nimbus Jose Jwt
NVD
CVSS 3.0
7.5
EPSS
0.2%
EPSS 11% CVSS 9.8
CRITICAL PATCH Act Now

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure Nimbus Jose Jwt +14
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Jwt Attack Nimbus Jose Jwt
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Nimbus Jose Jwt
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Nimbus Jose Jwt
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy