CVE-2019-17195

CVE	CVE-2019-17195
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2019-10-15 14:15:00 UTC
Updated	2023-11-07 03:06:00 UTC
Description	Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

Problem Types: CWE-755

Type	Vendor	Product	Version	Update	Edition	Language
Application	Apache	Avro	1.10.1	All	All	All
Application	Apache	Avro	1.10.2	All	All	All
Application	Apache	Hadoop	3.2.1	-	All	All
Application	Connect2id	Nimbus Jose Jwt	All	All	All	All
Application	Connect2id	Nimbus Jose Jwt	All	All	All	All
Application	Connect2id	Nimbus Jose Jwt	All	All	All	All
Application	Oracle	Communications Cloud Native Core Security Edge Protection Proxy	1.7.0	All	All	All
Application	Oracle	Communications Pricing Design Center	12.0.0.3.0	All	All	All
Application	Oracle	Data Integrator	12.2.1.4.0	All	All	All
Application	Oracle	Enterprise Manager Base Platform	13.4.0.0	All	All	All
Application	Oracle	Healthcare Data Repository	8.1.0	All	All	All
Application	Oracle	Insurance Policy Administration	All	All	All	All
Application	Oracle	Jd Edwards Enterpriseone Orchestrator	All	All	All	All
Application	Oracle	Jd Edwards Enterpriseone Tools	All	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.58	All	All	All
Application	Oracle	Peoplesoft Enterprise Peopletools	8.59	All	All	All
Application	Oracle	Policy Automation	All	All	All	All
Application	Oracle	Primavera Gateway	19.12.0	All	All	All
Application	Oracle	Primavera Gateway	All	All	All	All
Application	Oracle	Solaris Cluster	4.0	All	All	All
Application	Oracle	Weblogic Server	12.2.1.3.0	All	All	All
Application	Oracle	Weblogic Server	12.2.1.4.0	All	All	All

Reference	Source	Link	Tags
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Nimbus JOSE+JWT 7.9 fixes an unchecked exception vulnerability \| Connect2id	CONFIRM	connect2id.com	Release Notes, Vendor Advisory
Pony Mail!		lists.apache.org
Oracle Critical Patch Update Advisory - April 2022	MISC	www.oracle.com
Pony Mail!	MLIST	lists.apache.org
Pony Mail!		lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Oracle Critical Patch Update Advisory - July 2021	N/A	www.oracle.com
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Pony Mail!	MLIST	lists.apache.org
Oracle Critical Patch Update Advisory - October 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2022	MISC	www.oracle.com
Pony Mail!		lists.apache.org
[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195		lists.apache.org
Bitbucket	CONFIRM	bitbucket.org	Release Notes, Third Party Advisory
[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)		lists.apache.org
Pony Mail!		lists.apache.org
Oracle Critical Patch Update Advisory - April 2020	N/A	www.oracle.com
Oracle Critical Patch Update Advisory - April 2021	MISC	www.oracle.com
Oracle Critical Patch Update Advisory - January 2021	MISC	www.oracle.com
Pony Mail!		lists.apache.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

375720 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJUL2021)
87478 Oracle WebLogic Server Multiple Vulnerabilities (CPUJAN2022)
983505 Java (maven) Security Update for com.nimbusds:nimbus-jose-jwt (GHSA-f6vf-pq8c-69m4)