{
  "_class" : "io.jenkins.plugins.analysis.core.restapi.ReportApi",
  "issues" : [
    {
      "addedAt" : 0,
      "authorEmail" : "-",
      "authorName" : "-",
      "baseName" : "nimbus-jose-jwt-9.37.3.jar",
      "category" : "",
      "columnEnd" : 0,
      "columnStart" : 0,
      "commit" : "-",
      "description" : "",
      "fileName" : "/var/govway/batch/generatoreStatistiche/lib/nimbus-jose-jwt-9.37.3.jar",
      "fingerprint" : "FALLBACK-ef0d0e",
      "lineEnd" : 1,
      "lineStart" : 1,
      "message" : "CVE-2025-53864: LanguageSpecificPackageVulnerability\u000a\u000acom.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT\u000a\u000aFor additional help see: **Vulnerability CVE-2025-53864**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|com.nimbusds:nimbus-jose-jwt|10.0.2|[CVE-2025-53864](https://avd.aquasec.com/nvd/cve-2025-53864)|\u000a\u000aConnect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.\u000a\u000aPackage: com.nimbusds:nimbus-jose-jwt\u000aInstalled Version: 9.37.3\u000aVulnerability CVE-2025-53864\u000aSeverity: MEDIUM\u000aFixed Version: 10.0.2\u000aLink: [CVE-2025-53864](https://avd.aquasec.com/nvd/cve-2025-53864)",
      "moduleName" : "",
      "origin" : "trivy",
      "originName" : "Trivy Security Scanner",
      "packageName" : "-",
      "reference" : "1268",
      "severity" : "NORMAL",
      "toString" : "nimbus-jose-jwt-9.37.3.jar(1,0): CVE-2025-53864: : CVE-2025-53864: LanguageSpecificPackageVulnerability\u000a\u000acom.nimbusds/nimbus-jose-jwt: Uncontrolled recursion in Connect2id Nimbus JOSE + JWT\u000a\u000aFor additional help see: **Vulnerability CVE-2025-53864**\u000a| Severity | Package | Fixed Version | Link |\u000a| --- | --- | --- | --- |\u000a|MEDIUM|com.nimbusds:nimbus-jose-jwt|10.0.2|[CVE-2025-53864](https://avd.aquasec.com/nvd/cve-2025-53864)|\u000a\u000aConnect2id Nimbus JOSE + JWT before 10.0.2 allows a remote attacker to cause a denial of service via a deeply nested JSON object supplied in a JWT claim set, because of uncontrolled recursion. NOTE: this is independent of the Gson 2.11.0 issue because the Connect2id product could have checked the JSON object nesting depth, regardless of what limits (if any) were imposed by Gson.\u000a\u000aPackage: com.nimbusds:nimbus-jose-jwt\u000aInstalled Version: 9.37.3\u000aVulnerability CVE-2025-53864\u000aSeverity: MEDIUM\u000aFixed Version: 10.0.2\u000aLink: [CVE-2025-53864](https://avd.aquasec.com/nvd/cve-2025-53864)",
      "type" : "CVE-2025-53864"
    }
  ],
  "size" : 1,
  "toString" : "1 warning (normal: 1)"
}