Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Published: 2019-10-15
Score: 9.8 Critical
EPSS: 3.0% Low
KEV: No
Impact: n/a
Action: n/a
Advisories
Source: Github GHSA
ID: GHSA-f6vf-pq8c-69m4
Title: Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
References
https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt
https://connect2id.com/blog/nimbus-jose-jwt-7-9
https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2019-17195
https://www.cve.org/CVERecord?id=CVE-2019-17195
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Subscriptions

Apache: Hadoop
Connect2id: Nimbus Jose+jwt
Oracle: Communications Cloud Native Core Security Edge Protection Proxy, Communications Pricing Design Center, Data Integrator, Enterprise Manager Base Platform, Healthcare Data Repository, Insurance Policy Administration, Jd Edwards Enterpriseone Orchestrator, Jd Edwards Enterpriseone Tools, Peoplesoft Enterprise Peopletools, Policy Automation, Primavera Gateway, Solaris Cluster, Weblogic Server
Redhat: Enterprise Linux, Rhev Manager
MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-05T01:33:17.304Z

Reserved: 2019-10-05T00:00:00.000Z

Link: CVE-2019-17195

NVD

Status: Modified

Published: 2019-10-15T14:15:12.380

Modified: 2024-11-21T04:31:50.293

Link: CVE-2019-17195

Redhat

Severity: Moderate

Public Date: 2019-10-15T00:00:00Z

Links: CVE-2019-17195 - Bugzilla

Weaknesses