CVE-2017-12973

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-12973
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-12973.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2017-12973
Published
2017-08-20T16:29:00Z
Modified
2024-05-23T01:08:52.740076Z
Severity
  • 3.1 (Low) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
[none]
Details

Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an invalid HMAC in authenticated AES-CBC decryption, which allows attackers to conduct a padding oracle attack.

Affected packages

Git / bitbucket.org/connect2id/nimbus-jose-jwt

Affected ranges

Type
GIT
Repo
https://bitbucket.org/connect2id/nimbus-jose-jwt
Events
Introduced
0 (unknown introduced commit; all previous commits are affected)
Fixed
6a29f10f723f406eb25555f55842c59a43a38912

Affected versions

2.*

2.0
2.0.1
2.1
2.1.1
2.10
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16
2.17
2.17.1
2.17.2
2.18
2.18.1
2.18.2
2.19
2.19.1
2.2
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.26.1
2.3
2.4
2.5
2.6
2.7
2.8
2.9

3.*

3.0
3.1
3.1.1
3.1.2
3.10
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2

4.*

4.0
4.0-rc1
4.0-rc2
4.0-rc3
4.0-rc4
4.0.1
4.1
4.1.1
4.10
4.11
4.11.1
4.11.2
4.12
4.13.1
4.14
4.15
4.15.1
4.16
4.16.1
4.16.2
4.17
4.18
4.19
4.2
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.26.1
4.27
4.27.1
4.28
4.29
4.3
4.3.1
4.30
4.31.1
4.32
4.33
4.34
4.34.1
4.34.2
4.35
4.36
4.36.1
4.37
4.37.1
4.38
4.4
4.5
4.6
4.7
4.8
4.9