Closed github-actions[bot] closed 6 months ago
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CVE: CVE-2023-52428 CWE: CWE-400
Closed with https://github.com/exasol/azure-data-lake-storage-gen2-document-files-virtual-schema/pull/49
Summary
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
CVE: CVE-2023-52428 CWE: CWE-400
References