Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: 2.7.0.GA
Affects Version/s: None
Component/s: None
Labels:
None

Epic Link:
2.7.0 Productization
Blocked:
False
Blocked Reason:
None
Ready:
False
Target Release:

2.7.0.GA
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.

https://www.cve.org/CVERecord?id=CVE-2023-52428

mentioned in: Page Loading...

Assignee:: Unassigned

Reporter:: Christopher Foley

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: 2024/04/22 4:02 PM

Updated:: 2024/04/25 8:34 AM

Details

Description

Attachments

Issue Links

Activity

People

Dates

Hide