Description
Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.
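One defensive pattern for callers, shown as an added example that is not code from the advisory or from the Nimbus project: a token check that treats every exception raised during parsing or verification as a rejection, so an unexpected exception neither crashes the application nor lets the request through. The class name `FailClosedJwtGate`, the HS256 shared-secret setup and the sample inputs are assumptions made for illustration.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSVerifier;
import com.nimbusds.jose.crypto.MACVerifier;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.SignedJWT;
import java.text.ParseException;
import java.util.Date;
import java.util.Optional;

/** Hypothetical fail-closed token gate; class and method names are illustrative. */
public final class FailClosedJwtGate {
    private final JWSVerifier verifier;

    public FailClosedJwtGate(byte[] sharedSecret) throws JOSEException {
        this.verifier = new MACVerifier(sharedSecret); // HS256 needs a key of at least 32 bytes
    }

    /** Returns the subject only if every step succeeded; any failure yields empty. */
    public Optional<String> authenticate(String token) {
        if (token == null || token.isEmpty()) return Optional.empty();
        try {
            SignedJWT jwt = SignedJWT.parse(token);
            if (!jwt.verify(verifier)) return Optional.empty();
            JWTClaimsSet claims = jwt.getJWTClaimsSet();
            Date exp = claims.getExpirationTime();
            if (exp == null || exp.before(new Date())) return Optional.empty();
            return Optional.ofNullable(claims.getSubject());
        } catch (ParseException | JOSEException e) {
            return Optional.empty(); // the documented checked exceptions
        } catch (RuntimeException e) {
            // Any other exception raised while parsing is also a rejection.
            // Log the exception class server-side; never echo the token or a
            // stack trace back to the client.
            System.err.println("JWT rejected: " + e.getClass().getName());
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws JOSEException {
        FailClosedJwtGate gate = new FailClosedJwtGate(new byte[32]); // constructed all-zero test key
        // Constructed malformed inputs; none is a valid signed JWT, so each must be rejected.
        String[] samples = {"", "a.b.c", "e30.e30.", "not-a-jwt", "eyJhbGciOiJIUzI1NiJ9..x"};
        for (String s : samples) {
            System.out.println("[" + s + "] accepted=" + gate.authenticate(s).isPresent());
        }
    }
}
```

The calling filter should grant access only when the returned `Optional` is present, so that an exception path can never be mistaken for success.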
Remediation
References