
CVE-2019-17195: Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.93541%
Published: 10/16/2019
Updated: 2/1/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Package Name: com.nimbusds:nimbus-jose-jwt
Ecosystem: maven
Vulnerable Versions: < 7.9
First Patched Version: 7.9

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The patch evidence suggests that the JSONObjectUtils.parse function was modified to catch unexpected exceptions and rethrow them as ParseException. Before the fix, runtime exceptions raised while parsing an attacker-supplied token (for example when a segment is not a JSON object or a claim has an unexpected type) escaped the function unchanged. Callers written to the documented contract handle only ParseException, so any other exception type propagates up the stack, which can crash the request (and leak stack-trace details) or, depending on how the caller structures its error handling, allow an authentication bypass.
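The following Python model is added here to illustrate the bug class described in the root-cause analysis; it is not code from Nimbus JOSE+JWT or from Miggo. A JWT parser whose JSON layer lets arbitrary exception types escape is shown beside the hardened form that normalises every failure to a single ParseException (standing in for java.text.ParseException), and a caller written to the "catch ParseException, reject the request" contract is run against both. The function names (parse_jwt_vulnerable, parse_jwt_hardened, parse_json_object, caller_outcome, make_token) and the tokens built inline are constructed for the example.

```python
import base64
import json


class ParseException(Exception):
    """The one exception type a caller of parse_jwt_*() is told to expect.
    Plays the role of java.text.ParseException in the Nimbus API (model only)."""


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _parse_json_object_unchecked(segment: str) -> dict:
    """Pre-fix shape: whatever the JSON layer raises (JSONDecodeError,
    UnicodeDecodeError, TypeError, ...) escapes to the caller unchanged."""
    value = json.loads(_b64url_decode(segment).decode("utf-8"))
    if not isinstance(value, dict):
        raise TypeError("JSON value is not an object")
    return value


def parse_json_object(segment: str) -> dict:
    """Post-fix shape: every failure surfaces as ParseException, with the
    original exception kept as the cause for diagnostics."""
    try:
        return _parse_json_object_unchecked(segment)
    except Exception as exc:  # intentional normalisation of all failure types
        raise ParseException(f"invalid JSON object segment: {exc!r}") from exc


def parse_jwt_vulnerable(token: str) -> dict:
    """Hypothetical pre-7.9 behaviour: only the segment count is checked
    in a way that yields ParseException; everything else leaks raw."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ParseException("expected 3 dot-separated segments")
    header = _parse_json_object_unchecked(parts[0])
    claims = _parse_json_object_unchecked(parts[1])
    # Typed claim access on attacker-controlled JSON: KeyError, TypeError
    # or ValueError escape here as well.
    exp = int(claims["exp"])
    return {"header": header, "claims": claims, "exp": exp}


def parse_jwt_hardened(token: str) -> dict:
    """Hardened shape: the only exception that can leave is ParseException."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ParseException("expected 3 dot-separated segments")
    header = parse_json_object(parts[0])
    claims = parse_json_object(parts[1])
    try:
        exp = int(claims["exp"])
    except (KeyError, TypeError, ValueError) as exc:
        raise ParseException("missing or malformed exp claim") from exc
    return {"header": header, "claims": claims, "exp": exp}


def _segment(value) -> str:
    """base64url-encode a JSON value, or raw bytes for deliberately bad input."""
    raw = value if isinstance(value, bytes) else json.dumps(value).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def make_token(header, claims) -> str:
    """Constructed test token: header.claims.<dummy signature>.
    Signature checking is out of scope here; the bug is in parsing."""
    return ".".join([_segment(header), _segment(claims), _segment(b"sig")])


def caller_outcome(parser, token: str) -> str:
    """What a caller written to the documented contract (catch
    ParseException, reject the request) experiences with each parser."""
    try:
        parser(token)
    except ParseException:
        return "rejected"
    except Exception as exc:  # not handled by the caller: the request crashes
        return "crashed:" + type(exc).__name__
    return "accepted"


if __name__ == "__main__":
    # Constructed inputs: a well-formed token and several malformed ones.
    samples = {
        "good": make_token({"alg": "HS256"}, {"sub": "alice", "exp": 1700000000}),
        "claims is an array": make_token({"alg": "HS256"}, [1, 2, 3]),
        "claims is not JSON": make_token({"alg": "HS256"}, b"{not json"),
        "claims is not UTF-8": make_token({"alg": "HS256"}, b"\xff\xfe"),
        "exp missing": make_token({"alg": "HS256"}, {"sub": "alice"}),
        "exp is a string": make_token({"alg": "HS256"}, {"exp": "soon"}),
    }
    for name, tok in samples.items():
        print(f"{name:22s} vulnerable={caller_outcome(parse_jwt_vulnerable, tok):24s} "
              f"hardened={caller_outcome(parse_jwt_hardened, tok)}")
```

The design point is the broad catch in parse_json_object: a parser handed untrusted bytes should present one failure type to its caller and keep the original exception as the cause, so that callers can fail closed without enumerating every exception the JSON layer might throw. As defence in depth on the application side, the token-validation step at the top of a request pipeline should itself be wrapped so that any unexpected exception results in a rejected request rather than an unhandled error.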

Vulnerable functions


WAF Protection Rules

WAF Rule

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
