CVE-2023-52428
Denial of Service in Connect2id Nimbus JOSE+JWT
Description
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
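A pre-decryption guard for the p2c header described above, as an added example that is not code from Nimbus JOSE+JWT or from this advisory: it reads the protected header of a compact JWE and refuses the token when the declared iteration count is malformed or above a ceiling. The class name, the `MAX_P2C` ceiling and the sample headers are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class P2cGuard {
    // Assumed policy ceiling, not a value from the advisory; tune it to your issuers.
    static final long MAX_P2C = 1_000_000L;
    // Coarse pre-filter, not a JSON parser: captures whatever follows each "p2c" key.
    private static final Pattern P2C = Pattern.compile("\"p2c\"\\s*:\\s*([^,}\\s]+)");

    /** Returns the declared iteration count, or -1 when the header has no p2c. */
    static long checkedP2c(String compactJwe) {
        int dot = compactJwe.indexOf('.');
        if (dot <= 0) throw new IllegalArgumentException("not a compact JWE");
        String header = new String(
            Base64.getUrlDecoder().decode(compactJwe.substring(0, dot)),
            StandardCharsets.UTF_8);
        long count = -1;
        Matcher m = P2C.matcher(header);
        while (m.find()) {               // check every occurrence, duplicates included
            String v = m.group(1);
            // Fail closed on strings, exponents, negatives and over-long numbers.
            if (!v.matches("[0-9]{1,18}")) {
                throw new SecurityException("p2c malformed or too long: " + v);
            }
            count = Long.parseLong(v);
            if (count < 1 || count > MAX_P2C) {
                throw new SecurityException("p2c outside policy: " + count);
            }
        }
        return count;
    }

    public static void main(String[] args) {
        String[] headers = {             // constructed sample headers
            "{\"alg\":\"PBES2-HS256+A128KW\",\"enc\":\"A128GCM\",\"p2s\":\"c2FsdA\",\"p2c\":8192}",
            "{\"alg\":\"PBES2-HS256+A128KW\",\"enc\":\"A128GCM\",\"p2s\":\"c2FsdA\",\"p2c\":2147483647}",
            "{\"alg\":\"PBES2-HS256+A128KW\",\"enc\":\"A128GCM\",\"p2s\":\"c2FsdA\",\"p2c\":1e9}"
        };
        for (String h : headers) {
            String token = Base64.getUrlEncoder().withoutPadding()
                .encodeToString(h.getBytes(StandardCharsets.UTF_8)) + ".ek.iv.ct.tag";
            try {
                System.out.println("accept p2c=" + checkedP2c(token));
            } catch (SecurityException e) {
                System.out.println("reject: " + e.getMessage());
            }
        }
    }
}
```

Run the check before the token reaches any password-based decrypter, so a rejected header never triggers key derivation.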
Patch Available
Fix available through Seal Security.
No upgrade required, protect your application instantly.
Ecosystem: Java
Publish Date: February 11, 2024
Modified Date: October 30, 2024

