Connect2id Nimbus Jose+jwt — known CVE vulnerabilities
Every CVE whose affected-product data names Connect2id Nimbus Jose+jwt, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2019-17195 — CVSS 9.8 (critical): Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application…
CVE-2017-12972 — CVSS 7.5 (high): In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers…
CVE-2017-12974 — CVSS 7.5 (high): Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ensuring that the public x and y coordinates are on the specified…
CVE-2023-52428 — CVSS 7.5 (high): In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header…
CVE-2017-12973 — CVSS 3.1 (low): Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows…