cve/2019/CVE-2019-17195.md

CVE-2019-17195

Description

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

POC

Reference

• https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuoct2021.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/CVEDB/PoC-List
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/somatrasss/weblogic2021
• https://github.com/yahoo/cubed