PT-2019-5315 · Connect2Id · Nimbus Jose+Jwt
| Published | 2019-10-07 |
| Updated | 2022-06-07 |
| CVE | CVE-2019-17195 |
| CVSS v3.1 | 9.8 (Critical) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Connect2id Nimbus JOSE+JWT versions prior to 7.9
Description
The Java library Nimbus JOSE+JWT does not adequately check for unusual or exceptional states while parsing a JWT. A remote attacker can exploit this to cause a denial of service or to gain unauthorized access to protected information: an exception raised during parsing may crash the application, potentially disclosing information, or may lead to an authentication bypass.
Recommendations
For versions prior to 7.9, update to version 7.9 or later to resolve the issue. As a temporary workaround until the update is applied, add error handling around JWT parsing so that otherwise uncaught exceptions are caught and the token is rejected, which reduces the risk of application crashes or information disclosure, and restrict access to sensitive information and authentication mechanisms.
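The workaround described above, wrapping JWT parsing in error handling that fails closed, can look like the following. This is an added example written for this page, not code from Connect2id or the Nimbus JOSE+JWT project; `SafeJwtValidator`, `MAX_TOKEN_LENGTH` and the demo secret are assumed names and constructed values. It assumes the Nimbus JOSE+JWT library is on the classpath and that tokens are HMAC-signed. The point it shows is that a `RuntimeException` escaping the parser is treated exactly like a malformed token: the caller gets a rejection, never a crash and never an accepted claims set.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.JWSHeader;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.MACSigner;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;

import java.nio.charset.StandardCharsets;
import java.text.ParseException;
import java.util.Date;
import java.util.Optional;

/** Hypothetical fail-closed wrapper around Nimbus JWT parsing (not part of the library). */
public final class SafeJwtValidator {

    // Assumed upper bound: rejects oversized input before any parsing work is done.
    private static final int MAX_TOKEN_LENGTH = 8192;

    private final JWSVerifier verifier;

    public SafeJwtValidator(byte[] hmacSecret) throws JOSEException {
        this.verifier = new MACVerifier(hmacSecret);
    }

    /**
     * Returns the verified claims, or empty if the token is malformed, fails signature
     * verification, is expired, or if parsing throws anything at all.
     */
    public Optional<JWTClaimsSet> validate(String token) {
        if (token == null || token.isEmpty() || token.length() > MAX_TOKEN_LENGTH) {
            return Optional.empty();
        }
        try {
            SignedJWT jwt = SignedJWT.parse(token);
            if (!jwt.verify(verifier)) {
                return Optional.empty();
            }
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || exp.before(new Date())) {
                return Optional.empty();
            }
            return Optional.of(claims);
        } catch (ParseException | JOSEException e) {
            // Declared failures: malformed JSON or Base64URL segments, unsupported algorithm.
            return Optional.empty();
        } catch (RuntimeException e) {
            // The failure class behind this advisory: an unchecked exception leaving the
            // parser. Deny the request instead of letting it propagate to a crash or to
            // code that might misinterpret the partial state as "verified".
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo secret (33 bytes, above the HS256 minimum of 32).
        byte[] secret = "constructed-demo-secret-32-bytes!".getBytes(StandardCharsets.UTF_8);
        SafeJwtValidator validator = new SafeJwtValidator(secret);

        // Build one well-formed token so the happy path is visible.
        JWTClaimsSet claims = new JWTClaimsSet.Builder()
                .subject("alice")
                .expirationTime(new Date(System.currentTimeMillis() + 60_000))
                .build();
        SignedJWT good = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claims);
        good.sign(new MACSigner(secret));
        System.out.println("valid token -> subject="
                + validator.validate(good.serialize()).map(JWTClaimsSet::getSubject).orElse("<rejected>"));

        // Constructed malformed inputs: a lone header, junk segments, a tampered signature, empty input.
        String[] bad = { "eyJhbGciOiJIUzI1NiJ9", "a.b.c", good.serialize() + "tampered", "" };
        for (String t : bad) {
            System.out.println("malformed token -> accepted=" + validator.validate(t).isPresent());
        }
    }
}
```

Catching `RuntimeException` here is deliberate and narrow: it sits only around the parse-and-verify step, and every branch of the method ends in either a verified claims set or `Optional.empty()`, so there is no code path on which an unexpected exception can leave the caller with an unverified token. In production the `catch` blocks would also log the failure for detection purposes.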
Weakness Types
Improper Handling of Exceptional Conditions
Improper Check for Exceptional Conditions
Related Identifiers
Affected Products
Nimbus Jose+Jwt