MSAL 5.1.0 (most recent so far) has a dependency on com.nimbusds:nimbus-jose-jwt:9.9 which has the following vulnerability:
In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component.
https://nvd.nist.gov/vuln/detail/CVE-2023-52428
https://ossindex.sonatype.org/vulnerability/CVE-2023-52428
Mitigation: Please update the com.nimbusds:nimbus-jose-jwt dependency to v9.37.2 or newer.
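As an added example (not part of the original issue, and not MSAL or Nimbus code), the following sketch shows a pre-decryption guard that reads the `p2c` value from a compact JWE's protected header and rejects tokens whose PBKDF2 iteration count exceeds a local limit. It is a stopgap for code that must accept PBES2-encrypted tokens while still on an affected version, and does not replace the upgrade. The function names and the `MAX_P2C` and `MAX_HEADER_LEN` limits are assumptions chosen for illustration, and the sample tokens are constructed.

```python
from __future__ import annotations
import base64
import json

# Assumed policy values for this sketch; tune them to your own deployment.
MAX_P2C = 1_000_000      # hypothetical ceiling on PBKDF2 iterations
MAX_HEADER_LEN = 8192    # hypothetical ceiling on the encoded header length
PBES2_ALGS = {"PBES2-HS256+A128KW", "PBES2-HS384+A192KW", "PBES2-HS512+A256KW"}


def b64url_decode(segment: str) -> bytes:
    # JOSE uses unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def sample_jwe(header: dict) -> str:
    # Constructed token: real header segment, placeholder remaining segments.
    h = base64.urlsafe_b64encode(json.dumps(header).encode()).rstrip(b"=").decode()
    return f"{h}.a.b.c.d"


def check_jwe_p2c(compact_jwe: str, max_p2c: int = MAX_P2C) -> tuple[bool, str]:
    """Inspect the protected header without decrypting; return (accept, reason)."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        return False, "not a five-part compact JWE"
    if len(parts[0]) > MAX_HEADER_LEN:
        return False, "protected header too large"
    try:
        header = json.loads(b64url_decode(parts[0]))
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return False, "protected header is not valid base64url JSON"
    if not isinstance(header, dict):
        return False, "protected header is not a JSON object"
    alg = header.get("alg")
    if not isinstance(alg, str):
        return False, "alg missing or not a string"
    if alg not in PBES2_ALGS:
        return True, "alg is not PBES2; p2c not applicable"
    p2c = header.get("p2c")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(p2c, bool) or not isinstance(p2c, int) or p2c < 1:
        return False, "p2c missing or not a positive integer"
    if p2c > max_p2c:
        return False, f"p2c {p2c} exceeds limit {max_p2c}"
    return True, "p2c within limit"
```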