2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org" ,
"ID" : "CVE-2019-17195" ,
"STATE" : "PUBLIC"
2019-10-15 14:01:01 +00:00
} ,
2020-04-16 19:02:50 +00:00
"affects" : {
"vendor" : {
"vendor_data" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"product" : {
"product_data" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"product_name" : "n/a" ,
"version" : {
"version_data" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"version_value" : "n/a"
2019-10-15 14:01:01 +00:00
}
]
}
}
]
} ,
2020-04-16 19:02:50 +00:00
"vendor_name" : "n/a"
2019-10-15 14:01:01 +00:00
}
]
}
} ,
2020-04-16 19:02:50 +00:00
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"lang" : "eng" ,
"value" : "Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass."
2019-10-15 14:01:01 +00:00
}
]
} ,
2020-04-16 19:02:50 +00:00
"problemtype" : {
"problemtype_data" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"description" : [
2019-10-15 14:01:01 +00:00
{
2020-04-16 19:02:50 +00:00
"lang" : "eng" ,
"value" : "n/a"
2019-10-15 14:01:01 +00:00
}
]
}
]
} ,
2020-04-16 19:02:50 +00:00
"references" : {
"reference_data" : [
2019-11-07 18:01:25 +00:00
{
2020-04-16 19:02:50 +00:00
"refsource" : "MLIST" ,
"name" : "[hadoop-common-issues] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability" ,
"url" : "https://lists.apache.org/thread.html/e10d43984f39327e443e875adcd4a5049193a7c010e81971908caf41@%3Ccommon-issues.hadoop.apache.org%3E"
2019-11-07 18:01:25 +00:00
} ,
{
2020-04-16 19:02:50 +00:00
"refsource" : "MLIST" ,
"name" : "[hadoop-common-dev] 20191107 [jira] [Created] (HADOOP-16690) Update dependency com.nimbusds:nimbus-jose-jwt due to security vulnerability" ,
"url" : "https://lists.apache.org/thread.html/8768553cda5838f59ee3865cac546e824fa740e82d9dc2a7fc44e80d@%3Ccommon-dev.hadoop.apache.org%3E"
2020-04-14 14:04:09 -07:00
} ,
{
2020-04-16 19:02:50 +00:00
"url" : "https://www.oracle.com/security-alerts/cpuapr2020.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuapr2020.html"
2021-01-19 13:08:08 -08:00
} ,
{
2021-01-20 15:02:47 +00:00
"url" : "https://www.oracle.com/security-alerts/cpujan2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujan2021.html"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt" ,
"url" : "https://bitbucket.org/connect2id/nimbus-jose-jwt/src/master/SECURITY-CHANGELOG.txt"
} ,
{
"refsource" : "CONFIRM" ,
"name" : "https://connect2id.com/blog/nimbus-jose-jwt-7-9" ,
"url" : "https://connect2id.com/blog/nimbus-jose-jwt-7-9"
2021-04-15 21:00:42 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[avro-dev] 20210415 [jira] [Created] (AVRO-3111) CVE-2019-17195" ,
"url" : "https://lists.apache.org/thread.html/rcac26c2d4df22341fa6ebbfe93ba1eff77d2dcd3f6106a1dc1f9ac98@%3Cdev.avro.apache.org%3E"
2021-04-16 10:00:40 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195" ,
"url" : "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
2021-05-06 23:00:42 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791" ,
"url" : "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
2021-05-07 00:00:43 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791" ,
"url" : "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
2021-05-07 11:00:42 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)" ,
"url" : "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
2021-06-11 10:44:45 -07:00
} ,
{
2021-06-14 18:01:00 +00:00
"url" : "https://www.oracle.com/security-alerts/cpuApr2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuApr2021.html"
2021-07-20 14:01:27 -07:00
} ,
{
2021-07-21 15:02:04 +00:00
"url" : "https://www.oracle.com//security-alerts/cpujul2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com//security-alerts/cpujul2021.html"
2021-10-19 14:23:14 -07:00
} ,
{
2021-10-20 11:01:07 +00:00
"url" : "https://www.oracle.com/security-alerts/cpuoct2021.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuoct2021.html"
2022-01-18 14:34:17 -08:00
} ,
{
2022-02-07 16:01:52 +00:00
"url" : "https://www.oracle.com/security-alerts/cpujan2022.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpujan2022.html"
2022-04-19 16:10:05 -07:00
} ,
{
2022-04-20 00:02:10 +00:00
"url" : "https://www.oracle.com/security-alerts/cpuapr2022.html" ,
"refsource" : "MISC" ,
"name" : "https://www.oracle.com/security-alerts/cpuapr2022.html"
2019-10-15 14:01:01 +00:00
}
]
}
}
