Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.0-rc3

Type maven

Namespace com.nimbusds

Name nimbus-jose-jwt

Version 4.0-rc3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 9.37.2

Latest_non_vulnerable_version 10.0.2

Affected_by_vulnerabilities

url VCID-449k-ksrz-sfhr

vulnerability_id VCID-449k-ksrz-sfhr

summary

Improper Validation of Integrity Check Value
Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12973

reference_id

reference_type

scores

value	0.00229
scoring_system	epss
scoring_elements	0.45742
published_at	2026-06-04T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.45814
published_at	2026-06-06T12:55:00Z

value	0.00229
scoring_system	epss
scoring_elements	0.4581
published_at	2026-06-05T12:55:00Z

value	0.00332
scoring_system	epss
scoring_elements	0.56393
published_at	2026-06-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12973

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/6a29f10f723f406eb25555f55842c59a43a38912

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/223/aescbc-return-immediately-on-invalid-hmac

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12973

reference_id

CVE-2017-12973

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12973

reference_url

https://github.com/advisories/GHSA-jfmq-4g4m-99rh

reference_id

GHSA-jfmq-4g4m-99rh

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jfmq-4g4m-99rh

fixed_packages

url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kkfk-4pbd-k3aw

vulnerability	VCID-zpmh-8gfc-kbdr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

aliases CVE-2017-12973, GHSA-jfmq-4g4m-99rh

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-449k-ksrz-sfhr

url VCID-9jwc-w61k-nuet

vulnerability_id VCID-9jwc-w61k-nuet

summary

Insufficient Verification of Data Authenticity
There is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12972

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.3514
published_at	2026-06-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3627
published_at	2026-06-06T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.3626
published_at	2026-06-05T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36166
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12972

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/0d2bd649ea386539220d4facfe1f65eb1dadb86c

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/224/byte-to-bit-overflow-in-cbc

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12972

reference_id

CVE-2017-12972

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12972

reference_url

https://github.com/advisories/GHSA-2qp9-wg27-9pcv

reference_id

GHSA-2qp9-wg27-9pcv

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2qp9-wg27-9pcv

fixed_packages

url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kkfk-4pbd-k3aw

vulnerability	VCID-zpmh-8gfc-kbdr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.39

aliases CVE-2017-12972, GHSA-2qp9-wg27-9pcv

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9jwc-w61k-nuet

url VCID-kkfk-4pbd-k3aw

vulnerability_id VCID-kkfk-4pbd-k3aw

summary

Denial of Service in Connect2id Nimbus JOSE+JWT
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52428.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-52428.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-52428

reference_id

reference_type

scores

value	0.00105
scoring_system	epss
scoring_elements	0.28123
published_at	2026-06-07T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28163
published_at	2026-06-06T12:55:00Z

value	0.00105
scoring_system	epss
scoring_elements	0.28213
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-52428

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526

reference_url

https://connect2id.com/products/nimbus-jose-jwt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/

url

https://connect2id.com/products/nimbus-jose-jwt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2309764
reference_id	2309764
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2309764

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/

reference_id

526

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-30T19:49:39Z/

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-52428

reference_id

CVE-2023-52428

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-52428

reference_url

https://github.com/advisories/GHSA-gvpg-vgmx-xg6w

reference_id

GHSA-gvpg-vgmx-xg6w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-gvpg-vgmx-xg6w

reference_url	https://access.redhat.com/errata/RHSA-2024:8064
reference_id	RHSA-2024:8064
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8064

fixed_packages

url	pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
purl	pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@9.37.2

aliases CVE-2023-52428, GHSA-gvpg-vgmx-xg6w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kkfk-4pbd-k3aw

url VCID-m7pb-cbbs-cqb7

vulnerability_id VCID-m7pb-cbbs-cqb7

summary

Improper Verification of Cryptographic Signature
Nimbus JOSE+JWT proceeds with `ECKey` construction without ensuring that the public `x` and `y` coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-12974

reference_id

reference_type

scores

value	0.00141
scoring_system	epss
scoring_elements	0.33874
published_at	2026-06-04T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33959
published_at	2026-06-07T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33992
published_at	2026-06-06T12:55:00Z

value	0.00141
scoring_system	epss
scoring_elements	0.33977
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-12974

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/f3a7a801f0c6b078899fed9226368eb7b44e2b2f

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/217/explicit-check-for-ec-public-key-on-curve

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/CHANGELOG.txt

reference_url

https://github.com/felx/nimbus-jose-jwt

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/felx/nimbus-jose-jwt

reference_url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/9317fd092b257a0815434b116a8af8daea6e920b6673f4fd5583d5fe@%3Ccommits.druid.apache.org%3E

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-12974

reference_id

CVE-2017-12974

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-12974

reference_url

https://github.com/advisories/GHSA-pfv2-37f7-9m6w

reference_id

GHSA-pfv2-37f7-9m6w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-pfv2-37f7-9m6w

fixed_packages

url pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36

purl pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-449k-ksrz-sfhr

vulnerability	VCID-9jwc-w61k-nuet

vulnerability	VCID-kkfk-4pbd-k3aw

vulnerability	VCID-zpmh-8gfc-kbdr

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.36

aliases CVE-2017-12974, GHSA-pfv2-37f7-9m6w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m7pb-cbbs-cqb7

url VCID-zpmh-8gfc-kbdr

vulnerability_id VCID-zpmh-8gfc-kbdr

summary

Improper Handling of Exceptional Conditions
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17195.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17195.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-17195

reference_id

reference_type

scores

value	0.0427
scoring_system	epss
scoring_elements	0.89037
published_at	2026-06-06T12:55:00Z

value	0.0427
scoring_system	epss
scoring_elements	0.89036
published_at	2026-06-07T12:55:00Z

value	0.0427
scoring_system	epss
scoring_elements	0.89019
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-17195

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt

reference_url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt

reference_url

https://connect2id.com/blog/nimbus-jose-jwt-7-9

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://connect2id.com/blog/nimbus-jose-jwt-7-9

reference_url

https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E

reference_url

https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E

reference_url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2020.html

reference_url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuApr2021.html

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2021.html

reference_url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujan2022.html

reference_url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com//security-alerts/cpujul2021.html

reference_url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuoct2021.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1764791
reference_id	1764791
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1764791

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-17195

reference_id

CVE-2019-17195

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-17195

reference_url

https://github.com/advisories/GHSA-f6vf-pq8c-69m4

reference_id

GHSA-f6vf-pq8c-69m4

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-f6vf-pq8c-69m4

reference_url	https://access.redhat.com/errata/RHSA-2020:1308
reference_id	RHSA-2020:1308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:1308

fixed_packages

url pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9

purl pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-kkfk-4pbd-k3aw

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9

aliases CVE-2019-17195, GHSA-f6vf-pq8c-69m4

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zpmh-8gfc-kbdr

Fixing_vulnerabilities

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/com.nimbusds/nimbus-jose-jwt@4.0-rc3

Package Instance