connect2id / Nimbus-JOSE-JWT / issues / #398 - DefaultJWTClaimsVerifier not threadsafe — Bitbucket

Issue #398 invalid

Former user created an issue 2021-01-22

In com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier there are two BadJWTException instances kept as constants.

The problem is that when an exception is throw a stacktrace is attached to it, making it a mutable object. There is a (extremely) small chance that two threads throw the same exception at the same instance and the stacktrace gets clobbered.

Comments (1)

Vladimir Dzhuvinov
- changed status to invalid
This likely was the case in a old version of the lib, the current 9.x doesn't have BadJWTException constants. There should be none at present.

If you run into similar issues, please post a snippet or link to the code line(s).
- 2021-01-28T07:01:06+00:00
Log in to comment

Assignee: –

Type: bug

Priority: minor

Status: invalid

Component: –

Milestone: –

Votes: 0

Watchers: None

Jira: the preferred issue tracker for Bitbucket. Join the team!