First published: Mon Dec 25 2023
jose4j is vulnerable to a denial of service, caused by improper input validation. By sending a specially crafted p2c value, a remote attacker could exploit this vulnerability to cause a denial of service condition.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.bitbucket.b_c:jose4j | <0.9.4 | 0.9.4 |
redhat/jose4j | <0.9.4 | 0.9.4 |
IBM Security Verify Governance - Identity Manager | <=ISVG 10.0.2 | |
CVE-2023-51775 is classified as a denial of service vulnerability due to improper input validation.
To fix CVE-2023-51775, upgrade the jose4j library to version 0.9.4 or later.
Versions of jose4j prior to 0.9.4 are affected by CVE-2023-51775.
CVE-2023-51775 can affect IBM Security Verify Governance versions up to ISVG 10.0.2.
CVE-2023-51775 can be exploited by attackers using a specially crafted p2c value, leading to a denial of service condition.