GHSA-gvpg-vgmx-xg6w

Source

https://github.com/advisories/GHSA-gvpg-vgmx-xg6w

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-gvpg-vgmx-xg6w/GHSA-gvpg-vgmx-xg6w.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-gvpg-vgmx-xg6w

Aliases

CVE-2023-52428

Related

Published

2024-02-11T06:30:27Z

Modified

2024-03-15T14:58:52.822457Z

Summary

Denial of Service in Connect2id Nimbus JOSE+JWT

Details

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

References

Affected packages

Maven / com.nimbusds:nimbus-jose-jwt

Package

Name: com.nimbusds:nimbus-jose-jwt; View open source insights on deps.dev
Purl: pkg:maven/com.nimbusds/nimbus-jose-jwt

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.37.2

Affected versions

2.*

2.9

2.10

2.10.1

2.11.0

2.12.0

2.13.0

2.13.1

2.14.0

2.15.0

2.15.1

2.15.2

2.16

2.17

2.17.1

2.17.2

2.18

2.18.1

2.18.2

2.19

2.19.1

2.20

2.21

2.22

2.22.1

2.23

2.24

2.25

2.26

2.26.1

3.*

3.0

3.1

3.1.1

3.1.2

3.2

3.2.1

3.2.2

3.3

3.4

3.5

3.6

3.7

3.8

3.8.1

3.8.2

3.9

3.9.1

3.9.2

3.10

4.*

4.0-rc1

4.0-rc2

4.0-rc3

4.0-rc4

4.0

4.0.1

4.1

4.1.1

4.2

4.3

4.3.1

4.4

4.5

4.6

4.7

4.8

4.9

4.10

4.11

4.11.1

4.11.2

4.12

4.13

4.13.1

4.14

4.15

4.15.1

4.16

4.16.1

4.16.2

4.17

4.18

4.19

4.20

4.21

4.22

4.23

4.24

4.25

4.26

4.26.1

4.27

4.27.1

4.28

4.29

4.30

4.31.1

4.32

4.33

4.34

4.34.1

4.34.2

4.35

4.36

4.36.1

4.37

4.37.1

4.38

4.39

4.39.1

4.39.2

4.40

4.41

4.41.1

4.41.2

4.41.3

5.*

5.0

5.1

5.2

5.3

5.4

5.5

5.6

5.7

5.8

5.9

5.10

5.11

5.12

5.13

5.14

6.*

6.0

6.0.1

6.0.2

6.1

6.1.1

6.2

6.3

6.3.1

6.4

6.4.1

6.4.2

6.5

6.5.1

6.6

6.7

6.8

7.*

7.0

7.0.1

7.1

7.2.1

7.3

7.4

7.5

7.5.1

7.6

7.7

7.8

7.8.1

7.9

8.*

8.0

8.1

8.2

8.2.1

8.3

8.4

8.4.1

8.5

8.5.1

8.6

8.7

8.8

8.9

8.10

8.11

8.12

8.13

8.14

8.14.1

8.15

8.16

8.17

8.17.1

8.18

8.18.1

8.19

8.20

8.20.1

8.20.2

8.21

8.21.1

8.22

8.22.1

8.23

9.*

9.0

9.0.1

9.1

9.1.1

9.1.2

9.1.3

9.1.4

9.1.5

9.2

9.3

9.4

9.4.1

9.4.2

9.5

9.6

9.6.1

9.7

9.8

9.8.1

9.9

9.9.1

9.9.2

9.9.3

9.10

9.10.1

9.11

9.11.1

9.11.2

9.11.3

9.12

9.12.1

9.13

9.14

9.15

9.15.1

9.15.2

9.16

9.16-preview.1

9.16.1

9.17

9.18

9.19

9.20

9.21

9.21.1

9.22

9.23

9.24

9.24.1

9.24.2

9.24.3

9.24.4

9.25

9.25.1

9.25.2

9.25.3

9.25.4

9.25.5

9.25.6

9.26

9.27

9.28

9.29

9.30

9.30.1

9.30.2

9.31

9.32

9.33

9.34

9.35

9.36

9.37

9.37.1