Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/com.nimbusds/nimbus-jose-jwt@4.17
Typemaven
Namespacecom.nimbusds
Namenimbus-jose-jwt
Version4.17
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version9.37.2
Latest_non_vulnerable_version10.0.2
Affected_by_vulnerabilities
0
url VCID-2c4k-cujv-abdt
vulnerability_id VCID-2c4k-cujv-abdt
summary 
Improper Verification of Cryptographic Signature
Nimbus JOSE+JWT proceeds with `ECKey` construction without ensuring that the public `x` and `y` coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12974
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.41959
published_at 2026-04-08T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.41963
published_at 2026-04-18T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.41991
published_at 2026-04-16T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41941
published_at 2026-04-13T12:55:00Z
4
value 0.00199
scoring_system epss
scoring_elements 0.41994
published_at 2026-04-11T12:55:00Z
5
value 0.00199
scoring_system epss
scoring_elements 0.4197
published_at 2026-04-09T12:55:00Z
6
value 0.00199
scoring_system epss
scoring_elements 0.4189
published_at 2026-04-01T12:55:00Z
7
value 0.00199
scoring_system epss
scoring_elements 0.41954
published_at 2026-04-02T12:55:00Z
8
value 0.00199
scoring_system epss
scoring_elements 0.41982
published_at 2026-04-04T12:55:00Z
9
value 0.00199
scoring_system epss
scoring_elements 0.41909
published_at 2026-04-07T12:55:00Z
10
value 0.00199
scoring_system epss
scoring_elements 0.41956
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12974
1
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f
2
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve
3
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
4
reference_url https://github.com/felx/nimbus-jose-jwt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/felx/nimbus-jose-jwt
5
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12974
reference_id CVE-2017-12974
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12974
7
reference_url https://github.com/advisories/GHSA-pfv2-37f7-9m6w
reference_id GHSA-pfv2-37f7-9m6w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-pfv2-37f7-9m6w
fixed_packages
0
url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ut92-ya9x-dybz
1
vulnerability VCID-v9st-5q6q-73f5
2
vulnerability VCID-vyx8-csfk-nqd1
3
vulnerability VCID-w663-rgr4-ekdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36
aliases CVE-2017-12974, GHSA-pfv2-37f7-9m6w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2c4k-cujv-abdt
1
url VCID-ut92-ya9x-dybz
vulnerability_id VCID-ut92-ya9x-dybz
summary 
Improper Validation of Integrity Check Value
Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12973
reference_id
reference_type
scores
0
value 0.00332
scoring_system epss
scoring_elements 0.5615
published_at 2026-04-18T12:55:00Z
1
value 0.00332
scoring_system epss
scoring_elements 0.55975
published_at 2026-04-01T12:55:00Z
2
value 0.00332
scoring_system epss
scoring_elements 0.56086
published_at 2026-04-07T12:55:00Z
3
value 0.00332
scoring_system epss
scoring_elements 0.56106
published_at 2026-04-04T12:55:00Z
4
value 0.00332
scoring_system epss
scoring_elements 0.56137
published_at 2026-04-08T12:55:00Z
5
value 0.00332
scoring_system epss
scoring_elements 0.56142
published_at 2026-04-09T12:55:00Z
6
value 0.00332
scoring_system epss
scoring_elements 0.56153
published_at 2026-04-11T12:55:00Z
7
value 0.00332
scoring_system epss
scoring_elements 0.5613
published_at 2026-04-12T12:55:00Z
8
value 0.00332
scoring_system epss
scoring_elements 0.56114
published_at 2026-04-13T12:55:00Z
9
value 0.00332
scoring_system epss
scoring_elements 0.56148
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12973
1
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912
2
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac
3
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
reference_id
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12973
reference_id CVE-2017-12973
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12973
5
reference_url https://github.com/advisories/GHSA-jfmq-4g4m-99rh
reference_id GHSA-jfmq-4g4m-99rh
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jfmq-4g4m-99rh
fixed_packages
0
url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyx8-csfk-nqd1
1
vulnerability VCID-w663-rgr4-ekdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
aliases CVE-2017-12973, GHSA-jfmq-4g4m-99rh
risk_score 1.4
exploitability 0.5
weighted_severity 2.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ut92-ya9x-dybz
2
url VCID-v9st-5q6q-73f5
vulnerability_id VCID-v9st-5q6q-73f5
summary 
Insufficient Verification of Data Authenticity
There is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-12972
reference_id
reference_type
scores
0
value 0.00149
scoring_system epss
scoring_elements 0.35397
published_at 2026-04-18T12:55:00Z
1
value 0.00149
scoring_system epss
scoring_elements 0.35247
published_at 2026-04-01T12:55:00Z
2
value 0.00149
scoring_system epss
scoring_elements 0.35448
published_at 2026-04-02T12:55:00Z
3
value 0.00149
scoring_system epss
scoring_elements 0.35473
published_at 2026-04-04T12:55:00Z
4
value 0.00149
scoring_system epss
scoring_elements 0.35357
published_at 2026-04-07T12:55:00Z
5
value 0.00149
scoring_system epss
scoring_elements 0.35403
published_at 2026-04-08T12:55:00Z
6
value 0.00149
scoring_system epss
scoring_elements 0.35428
published_at 2026-04-09T12:55:00Z
7
value 0.00149
scoring_system epss
scoring_elements 0.35435
published_at 2026-04-11T12:55:00Z
8
value 0.00149
scoring_system epss
scoring_elements 0.35393
published_at 2026-04-12T12:55:00Z
9
value 0.00149
scoring_system epss
scoring_elements 0.35371
published_at 2026-04-13T12:55:00Z
10
value 0.00149
scoring_system epss
scoring_elements 0.3541
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-12972
1
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c
2
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc
3
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt
4
reference_url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-12972
reference_id CVE-2017-12972
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2017-12972
6
reference_url https://github.com/advisories/GHSA-2qp9-wg27-9pcv
reference_id GHSA-2qp9-wg27-9pcv
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2qp9-wg27-9pcv
fixed_packages
0
url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vyx8-csfk-nqd1
1
vulnerability VCID-w663-rgr4-ekdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39
aliases CVE-2017-12972, GHSA-2qp9-wg27-9pcv
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9st-5q6q-73f5
3
url VCID-vyx8-csfk-nqd1
vulnerability_id VCID-vyx8-csfk-nqd1
summary 
Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17195.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17195.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2019-17195
reference_id
reference_type
scores
0
value 0.03008
scoring_system epss
scoring_elements 0.86608
published_at 2026-04-18T12:55:00Z
1
value 0.03008
scoring_system epss
scoring_elements 0.86602
published_at 2026-04-16T12:55:00Z
2
value 0.03008
scoring_system epss
scoring_elements 0.86588
published_at 2026-04-13T12:55:00Z
3
value 0.03008
scoring_system epss
scoring_elements 0.86596
published_at 2026-04-12T12:55:00Z
4
value 0.03008
scoring_system epss
scoring_elements 0.86599
published_at 2026-04-11T12:55:00Z
5
value 0.03008
scoring_system epss
scoring_elements 0.86584
published_at 2026-04-09T12:55:00Z
6
value 0.03008
scoring_system epss
scoring_elements 0.86574
published_at 2026-04-08T12:55:00Z
7
value 0.03008
scoring_system epss
scoring_elements 0.86555
published_at 2026-04-07T12:55:00Z
8
value 0.03008
scoring_system epss
scoring_elements 0.86537
published_at 2026-04-02T12:55:00Z
9
value 0.03008
scoring_system epss
scoring_elements 0.86526
published_at 2026-04-01T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2019-17195
2
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt
3
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt
4
reference_url https://connect2id.com/blog/nimbus-jose-jwt-7-9
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://connect2id.com/blog/nimbus-jose-jwt-7-9
5
reference_url https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E
6
reference_url https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d%40%3Ccommon-dev.hadoop.apache.org%3E
7
reference_url https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E
8
reference_url https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41%40%3Ccommon-issues.hadoop.apache.org%3E
9
reference_url https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E
10
reference_url https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2%40%3Ccommits.druid.apache.org%3E
11
reference_url https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E
12
reference_url https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b%40%3Ccommits.druid.apache.org%3E
13
reference_url https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E
14
reference_url https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a%40%3Cdev.avro.apache.org%3E
15
reference_url https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E
16
reference_url https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d%40%3Ccommits.druid.apache.org%3E
17
reference_url https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E
18
reference_url https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
reference_id
reference_type
scores
url https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98%40%3Cdev.avro.apache.org%3E
19
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-17195
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv2
scoring_elements AV:N/AC:M/Au:N/C:P/I:P/A:P
1
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2019-17195
20
reference_url https://www.oracle.com/security-alerts/cpuapr2020.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2020.html
21
reference_url https://www.oracle.com/security-alerts/cpuApr2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuApr2021.html
22
reference_url https://www.oracle.com/security-alerts/cpuapr2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuapr2022.html
23
reference_url https://www.oracle.com/security-alerts/cpujan2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2021.html
24
reference_url https://www.oracle.com/security-alerts/cpujan2022.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpujan2022.html
25
reference_url https://www.oracle.com//security-alerts/cpujul2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com//security-alerts/cpujul2021.html
26
reference_url https://www.oracle.com/security-alerts/cpuoct2021.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.oracle.com/security-alerts/cpuoct2021.html
27
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1764791
reference_id 1764791
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1764791
28
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*
reference_id cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:hadoop:3.2.1:-:*:*:*:*:*:*
29
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:*
30
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*
31
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*
32
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*
33
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*
34
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*
35
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*
36
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*
37
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*
38
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*
39
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*
40
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*
41
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*
42
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:primavera_gateway:19.12.0:*:*:*:*:*:*:*
43
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:*
44
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*
45
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_id cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
46
reference_url https://github.com/advisories/GHSA-f6vf-pq8c-69m4
reference_id GHSA-f6vf-pq8c-69m4
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f6vf-pq8c-69m4
47
reference_url https://access.redhat.com/errata/RHSA-2020:1308
reference_id RHSA-2020:1308
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:1308
fixed_packages
0
url pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-w663-rgr4-ekdg
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9
aliases CVE-2019-17195, GHSA-f6vf-pq8c-69m4
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vyx8-csfk-nqd1
4
url VCID-w663-rgr4-ekdg
vulnerability_id VCID-w663-rgr4-ekdg
summary 
Denial of Service in Connect2id Nimbus JOSE+JWT
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52428.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52428.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-52428
reference_id
reference_type
scores
0
value 0.00105
scoring_system epss
scoring_elements 0.28591
published_at 2026-04-18T12:55:00Z
1
value 0.00105
scoring_system epss
scoring_elements 0.28725
published_at 2026-04-02T12:55:00Z
2
value 0.00105
scoring_system epss
scoring_elements 0.28773
published_at 2026-04-04T12:55:00Z
3
value 0.00105
scoring_system epss
scoring_elements 0.2858
published_at 2026-04-07T12:55:00Z
4
value 0.00105
scoring_system epss
scoring_elements 0.28646
published_at 2026-04-08T12:55:00Z
5
value 0.00105
scoring_system epss
scoring_elements 0.28686
published_at 2026-04-09T12:55:00Z
6
value 0.00105
scoring_system epss
scoring_elements 0.28687
published_at 2026-04-11T12:55:00Z
7
value 0.00105
scoring_system epss
scoring_elements 0.28643
published_at 2026-04-12T12:55:00Z
8
value 0.00105
scoring_system epss
scoring_elements 0.28596
published_at 2026-04-13T12:55:00Z
9
value 0.00105
scoring_system epss
scoring_elements 0.28616
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-52428
2
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt
3
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/
url https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e
4
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526
5
reference_url https://connect2id.com/products/nimbus-jose-jwt
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/
url https://connect2id.com/products/nimbus-jose-jwt
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-52428
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-52428
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2309764
reference_id 2309764
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2309764
8
reference_url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/
reference_id 526
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/
url https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/
9
reference_url https://github.com/advisories/GHSA-gvpg-vgmx-xg6w
reference_id GHSA-gvpg-vgmx-xg6w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gvpg-vgmx-xg6w
10
reference_url https://access.redhat.com/errata/RHSA-2024:8064
reference_id RHSA-2024:8064
reference_type
scores
url https://access.redhat.com/errata/RHSA-2024:8064
fixed_packages
0
url pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
aliases CVE-2023-52428, GHSA-gvpg-vgmx-xg6w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-w663-rgr4-ekdg
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.17