Package details: pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9
purl pkg:maven/com.nimbusds/nimbus-jose-jwt@7.9
Next non-vulnerable version 9.37.2
Latest non-vulnerable version 10.0.2
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-w663-rgr4-ekdg
Aliases: CVE-2023-52428, GHSA-gvpg-vgmx-xg6w
Summary: Denial of Service in Connect2id Nimbus JOSE+JWT. In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Fixed by: 9.37.2 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-vyx8-csfk-nqd1
Summary: Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT. Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
Aliases: CVE-2019-17195, GHSA-f6vf-pq8c-69m4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T22:50:33.686829+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.4.0
2026-04-16T20:58:01.412585+00:00 GitLab Importer Fixing VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.4.0
2026-04-12T00:09:59.026707+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.3.0
2026-04-11T22:09:07.807163+00:00 GitLab Importer Fixing VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.3.0
2026-04-03T00:15:06.899233+00:00 GitLab Importer Affected by VCID-w663-rgr4-ekdg https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2023-52428.yml 38.1.0
2026-04-02T22:21:46.348483+00:00 GitLab Importer Fixing VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.1.0
2026-04-01T16:39:32.704856+00:00 GitLab Importer Fixing VCID-vyx8-csfk-nqd1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.nimbusds/nimbus-jose-jwt/CVE-2019-17195.yml 38.0.0
2026-04-01T15:57:42.562827+00:00 GHSA Importer Fixing VCID-vyx8-csfk-nqd1 https://github.com/advisories/GHSA-f6vf-pq8c-69m4 38.0.0
2026-04-01T13:04:04.798893+00:00 GithubOSV Importer Fixing VCID-vyx8-csfk-nqd1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/10/GHSA-f6vf-pq8c-69m4/GHSA-f6vf-pq8c-69m4.json 38.0.0