VulnerableCode Package Details - pkg:maven/com.nimbusds/nimbus-jose-jwt@4.33

Search for packages

Vulnerability	Summary	Fixed by
VCID-2c4k-cujv-abdt Aliases: CVE-2017-12974 GHSA-pfv2-37f7-9m6w	Improper Verification of Cryptographic Signature Nimbus JOSE+JWT proceeds with `ECKey` construction without ensuring that the public `x` and `y` coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.	4.36 Affected by 4 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ut92-ya9x-dybz Aliases: CVE-2017-12973 GHSA-jfmq-4g4m-99rh	Improper Validation of Integrity Check Value Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.	4.39 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-v9st-5q6q-73f5 Aliases: CVE-2017-12972 GHSA-2qp9-wg27-9pcv	Insufficient Verification of Data Authenticity There is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.	4.39 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-vyx8-csfk-nqd1 Aliases: CVE-2019-17195 GHSA-f6vf-pq8c-69m4	Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.	7.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-w663-rgr4-ekdg Aliases: CVE-2023-52428 GHSA-gvpg-vgmx-xg6w	Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.	9.37.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-2c4k-cujv-abdt
Aliases:
CVE-2017-12974
GHSA-pfv2-37f7-9m6w

Improper Verification of Cryptographic Signature Nimbus JOSE+JWT proceeds with `ECKey` construction without ensuring that the public `x` and `y` coordinates are on the specified curve, which allows attackers to conduct an Invalid Curve Attack in environments where the JCE provider lacks the applicable curve validation.

4.36
Affected by 4 other vulnerabilities.

VCID-ut92-ya9x-dybz
Aliases:
CVE-2017-12973
GHSA-jfmq-4g4m-99rh

Improper Validation of Integrity Check Value Nimbus JOSE+JWT proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

4.39
Affected by 2 other vulnerabilities.

VCID-v9st-5q6q-73f5
Aliases:
CVE-2017-12972
GHSA-2qp9-wg27-9pcv

Insufficient Verification of Data Authenticity There is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.

4.39
Affected by 2 other vulnerabilities.

VCID-vyx8-csfk-nqd1
Aliases:
CVE-2019-17195
GHSA-f6vf-pq8c-69m4

Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

7.9
Affected by 1 other vulnerability.

VCID-w663-rgr4-ekdg
Aliases:
CVE-2023-52428
GHSA-gvpg-vgmx-xg6w

Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

9.37.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:50:33.481010+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.4.0
2026-04-16T20:58:01.214296+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.4.0
2026-04-16T20:37:50.850709+00:00	GitLab Importer	Affected by	VCID-2c4k-cujv-abdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12974.yml	38.4.0
2026-04-16T20:37:50.406093+00:00	GitLab Importer	Affected by	VCID-v9st-5q6q-73f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml	38.4.0
2026-04-16T20:37:49.955241+00:00	GitLab Importer	Affected by	VCID-ut92-ya9x-dybz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml	38.4.0
2026-04-12T00:09:58.914441+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.3.0
2026-04-11T22:09:07.574209+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.3.0
2026-04-11T21:48:29.468915+00:00	GitLab Importer	Affected by	VCID-2c4k-cujv-abdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12974.yml	38.3.0
2026-04-11T21:48:28.950866+00:00	GitLab Importer	Affected by	VCID-v9st-5q6q-73f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml	38.3.0
2026-04-11T21:48:28.402524+00:00	GitLab Importer	Affected by	VCID-ut92-ya9x-dybz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml	38.3.0
2026-04-03T00:15:06.673025+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.1.0
2026-04-02T22:21:46.152684+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.1.0
2026-04-02T22:02:24.440419+00:00	GitLab Importer	Affected by	VCID-2c4k-cujv-abdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12974.yml	38.1.0
2026-04-02T22:02:23.969616+00:00	GitLab Importer	Affected by	VCID-v9st-5q6q-73f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml	38.1.0
2026-04-02T22:02:23.505092+00:00	GitLab Importer	Affected by	VCID-ut92-ya9x-dybz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml	38.1.0
2026-04-01T16:39:32.436362+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.0.0
2026-04-01T16:19:32.990924+00:00	GitLab Importer	Affected by	VCID-2c4k-cujv-abdt	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12974.yml	38.0.0
2026-04-01T16:19:32.481795+00:00	GitLab Importer	Affected by	VCID-v9st-5q6q-73f5	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12972.yml	38.0.0
2026-04-01T16:19:31.967778+00:00	GitLab Importer	Affected by	VCID-ut92-ya9x-dybz	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2017-12973.yml	38.0.0