VulnerableCode Package Details - pkg:maven/com.nimbusds/nimbus-jose-jwt@6.4.2

Search for packages

Vulnerability	Summary	Fixed by
VCID-vyx8-csfk-nqd1 Aliases: CVE-2019-17195 GHSA-f6vf-pq8c-69m4	Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.	7.9 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-w663-rgr4-ekdg Aliases: CVE-2023-52428 GHSA-gvpg-vgmx-xg6w	Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.	9.37.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-vyx8-csfk-nqd1
Aliases:
CVE-2019-17195
GHSA-f6vf-pq8c-69m4

Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

7.9
Affected by 1 other vulnerability.

VCID-w663-rgr4-ekdg
Aliases:
CVE-2023-52428
GHSA-gvpg-vgmx-xg6w

Denial of Service in Connect2id Nimbus JOSE+JWT In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

9.37.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:50:33.627825+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.4.0
2026-04-16T20:58:01.356343+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.4.0
2026-04-12T00:09:58.993319+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.3.0
2026-04-11T22:09:07.738835+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.3.0
2026-04-03T00:15:06.831533+00:00	GitLab Importer	Affected by	VCID-w663-rgr4-ekdg	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml	38.1.0
2026-04-02T22:21:46.291147+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.1.0
2026-04-01T16:39:32.624031+00:00	GitLab Importer	Affected by	VCID-vyx8-csfk-nqd1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml	38.0.0