Homepage

com.nimbusds:nimbus-jose-jwt@9.37.3 vulnerabilities

  • latest version

    10.3.1

  • latest non vulnerable version

    10.3.1

  • first published

    12 years ago

  • latest version published

    18 days ago

  • licenses detected

  • package registry

    View on Maven Central Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the com.nimbusds:nimbus-jose-jwt package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Uncontrolled Recursion

    com.nimbusds:nimbus-jose-jwt is a library for JSON Web Tokens (JWT)

    Affected versions of this package are vulnerable to Uncontrolled Recursion due to the improper handling JWT claim sets containing deeply nested JSON objects. An attacker can cause application downtime or resource exhaustion by submitting a specially crafted JWT with excessive nesting.

    Note:

    This issue only affects nimbus-jose-jwt, not Gson because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.

    How to fix Uncontrolled Recursion?

    Upgrade com.nimbusds:nimbus-jose-jwt to version 10.0.2 or higher.

    [,10.0.2)
    Go back to all versions of this package