Miggo Logo
Miggo Vulnerability Database
CVE-2019-17195

CVE-2019-17195: Improper Check for Unusual or Exceptional Conditions in Connect2id Nimbus JOSE+JWT

9.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2019-17195
GHSA ID
GHSA-f6vf-pq8c-69m4
EPSS Score
0.93541%
CWE
CWE-754
Published
10/16/2019
Updated
2/1/2023
KEV Status
No
Technology
TechnologyJava

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
com.nimbusds:nimbus-jose-jwtmaven< 7.97.9

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The patch evidence suggests that the JSONObjectUtils.parse function was modified to catch unexpected exceptions and rethrow them as ParseException. This indicates that the function was previously vulnerable to uncaught exceptions, which could lead to an application crash or authentication bypass.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*onn**t*i* Nim*us JOS*+JWT ***or* v*.* **n t*row v*rious un**u**t *x**ptions w*il* p*rsin* * JWT, w*i** *oul* r*sult in *n *ppli**tion *r*s* (pot*nti*l in*orm*tion *is*losur*) or * pot*nti*l *ut**nti**tion *yp*ss.

Reasoning

T** p*t** *vi**n** su***sts t**t t** `JSONO*j**tUtils.p*rs*` *un*tion w*s mo*i*i** to **t** un*xp**t** *x**ptions *n* r*t*row t**m *s `P*rs**x**ption`. T*is in*i**t*s t**t t** *un*tion w*s pr*viously vuln*r**l* to un**u**t *x**ptions, w*i** *oul* l**