Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when converting length values from bytes to bits, which allows attackers to conduct HMAC bypass attacks by shifting Additional Authenticated Data (AAD) and ciphertext so that different plaintext is obtained for the same HMAC.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Nimbus JOSE+JWT 安全漏洞
Vulnerability Description
Nimbus JOSE+JWT是一个开源的Java库。该库用于创建、检查、序列化和解析JSON Web签名对象和JSON Web加密对象等。 Nimbus JOSE+JWT 4.39之前的版本中存在安全漏洞,该漏洞源于程序没有执行整数溢出检测。攻击者可通过嗅探Additional Authenticated Data (AAD)和密文利用该漏洞实施HMAC绕过攻击。
CVSS Information
N/A
Vulnerability Type
N/A