Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Jun 2022, 18:40
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory | |
CPE | cpe:2.3:a:oracle:solaris_cluster:4.0:*:*:*:*:*:*:* |
20 Apr 2022, 00:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2022, 17:35
Type | Values Removed | Values Added |
---|---|---|
References | (MLIST) https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpujan2022.html - Not Applicable | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Patch, Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Patch, Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E - Mailing List, Third Party Advisory |
07 Feb 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Nov 2021, 14:52
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:apache:avro:1.10.1:*:*:*:*:*:*:* |
cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:* cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:* cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:* |
References | (MLIST) https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuoct2021.html - Third Party Advisory | |
References | (MISC) https://www.oracle.com/security-alerts/cpuApr2021.html - Third Party Advisory | |
References | (N/A) https://www.oracle.com//security-alerts/cpujul2021.html - Third Party Advisory | |
References | (MLIST) https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E - Third Party Advisory |
20 Oct 2021, 11:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-755 | |
References |
|
14 Jun 2021, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2019-10-15 14:15
Updated : 2024-02-04 20:39
NVD link : CVE-2019-17195
Mitre link : CVE-2019-17195
CVE.ORG link : CVE-2019-17195
JSON object : View
Products Affected
oracle
- jd_edwards_enterpriseone_tools
- communications_cloud_native_core_security_edge_protection_proxy
- policy_automation
- healthcare_data_repository
- jd_edwards_enterpriseone_orchestrator
- primavera_gateway
- weblogic_server
- peoplesoft_enterprise_peopletools
- solaris_cluster
- data_integrator
- insurance_policy_administration
- enterprise_manager_base_platform
- communications_pricing_design_center
apache
- hadoop
connect2id
- nimbus_jose\+jwt
CWE
CWE-755
Improper Handling of Exceptional Conditions