Filtered by vendor Connect2id
Subscriptions
Filtered by product Nimbus Jose+jwt
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53864 | 1 Connect2id | 1 Nimbus Jose+jwt | 2025-07-15 | 5.8 Medium |
| Connect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson. | ||||
Page 1 of 1.