Details
- Improvement
- Status: Resolved
- Major
- Resolution: Fixed
- None
Description
Nimbus JOSE JWT 9.x versions prior to 9.24.0 include a shaded version of JSON Smart 2.4.8, which is vulnerable to resource exhaustion as described in CVE-2023-1370. More recent versions of Nimbus JOSE JWT depend on Gson and are not subject to the vulnerability.