CVE-2019-17195

Connect2id Nimbus JOSE+JWT before v7.9 can throw various uncaught exceptions while parsing a JWT, which could result in an application crash (potential information disclosure) or a potential authentication bypass.

References

Affected packages

Git / github.com/apache/hadoop

Affected ranges

Type

GIT

Repo

https://github.com/apache/hadoop

Events

Introduced

Last affected

b3cbbb467e22ea829b3808f4b7b01d07e0bf3842

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.2.1-NA"
        }
    ]
}

Affected versions

Other

YARN-2928-2016-07-10

rel/release-3.*

rel/release-3.2.1

release-3.*

release-3.2.1-RC0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-17195.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "fixed": "7.9"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "1.7.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.0.0.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "13.4.0.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.1.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "11.0"
            },
            {
                "last_affected": "11.3.1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.2.5.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.2.5.3"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.58"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.59"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "12.2.0"
            },
            {
                "last_affected": "12.2.22"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "18.8.0"
            },
            {
                "last_affected": "18.8.11"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "19.12.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "4.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.3.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "12.2.1.4.0"
            }
        ]
    }
]