In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
Vendor | Product | Version | CPE |
---|---|---|---|
connect2id | nimbus_jose\+jwt | * | cpe:2.3:a:connect2id:nimbus_jose\+jwt:*:*:*:*:*:*:*:* |