GHSA-gvpg-vgmx-xg6w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-gvpg-vgmx-xg6w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-gvpg-vgmx-xg6w/GHSA-gvpg-vgmx-xg6w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-gvpg-vgmx-xg6w
- Aliases
- Downstream
- Related
- Published
- 2024-02-11T06:30:27Z
- Modified
- 2024-10-30T21:46:42.418884Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Denial of Service in Connect2id Nimbus JOSE+JWT
- Details
-
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
- Database specific
{ "nvd_published_at": "2024-02-11T05:15:08Z", "github_reviewed_at": "2024-03-15T14:23:03Z", "cwe_ids": [ "CWE-400", "CWE-770" ], "severity": "HIGH", "github_reviewed": true }- References
Affected packages
Maven / com.nimbusds:nimbus-jose-jwt
Package
- Name
- com.nimbusds:nimbus-jose-jwt
- View open source insights on deps.dev
- Purl
- pkg:maven/com.nimbusds/nimbus-jose-jwt
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed9.37.2
Affected versions
2.*
2.9
2.10
2.10.1
2.11.0
2.12.0
2.13.0
2.13.1
2.14.0
2.15.0
2.15.1
2.15.2
2.16
2.17
2.17.1
2.17.2
2.18
2.18.1
2.18.2
2.19
2.19.1
2.20
2.21
2.22
2.22.1
2.23
2.24
2.25
2.26
2.26.1
3.*
3.0
3.1
3.1.1
3.1.2
3.2
3.2.1
3.2.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.8.2
3.9
3.9.1
3.9.2
3.10
4.*
4.0-rc1
4.0-rc2
4.0-rc3
4.0-rc4
4.0
4.0.1
4.1
4.1.1
4.2
4.3
4.3.1
4.4
4.5
4.6
4.7
4.8
4.9
4.10
4.11
4.11.1
4.11.2
4.12
4.13
4.13.1
4.14
4.15
4.15.1
4.16
4.16.1
4.16.2
4.17
4.18
4.19
4.20
4.21
4.22
4.23
4.24
4.25
4.26
4.26.1
4.27
4.27.1
4.28
4.29
4.30
4.31.1
4.32
4.33
4.34
4.34.1
4.34.2
4.35
4.36
4.36.1
4.37
4.37.1
4.38
4.39
4.39.1
4.39.2
4.40
4.41
4.41.1
4.41.2
4.41.3
5.*
5.0
5.1
5.2
5.3
5.4
5.5
5.6
5.7
5.8
5.9
5.10
5.11
5.12
5.13
5.14
6.*
6.0
6.0.1
6.0.2
6.1
6.1.1
6.2
6.3
6.3.1
6.4
6.4.1
6.4.2
6.5
6.5.1
6.6
6.7
6.8
7.*
7.0
7.0.1
7.1
7.2.1
7.3
7.4
7.5
7.5.1
7.6
7.7
7.8
7.8.1
7.9
8.*
8.0
8.1
8.2
8.2.1
8.3
8.4
8.4.1
8.5
8.5.1
8.6
8.7
8.8
8.9
8.10
8.11
8.12
8.13
8.14
8.14.1
8.15
8.16
8.17
8.17.1
8.18
8.18.1
8.19
8.20
8.20.1
8.20.2
8.21
8.21.1
8.22
8.22.1
8.23
9.*
9.0
9.0.1
9.1
9.1.1
9.1.2
9.1.3
9.1.4
9.1.5
9.2
9.3
9.4
9.4.1
9.4.2
9.5
9.6
9.6.1
9.7
9.8
9.8.1
9.9
9.9.1
9.9.2
9.9.3
9.10
9.10.1
9.11
9.11.1
9.11.2
9.11.3
9.12
9.12.1
9.13
9.14
9.15
9.15.1
9.15.2
9.16
9.16-preview.1
9.16.1
9.17
9.18
9.19
9.20
9.21
9.21.1
9.22
9.23
9.24
9.24.1
9.24.2
9.24.3
9.24.4
9.25
9.25.1
9.25.2
9.25.3
9.25.4
9.25.5
9.25.6
9.26
9.27
9.28
9.29
9.30
9.30.1
9.30.2
9.31
9.32
9.33
9.34
9.35
9.36
9.37
9.37.1