WebLogic Allocation of Resources Without Limits or Throttling Vulnerability - CVE-2020-7226 - Vulnerability Database

High
Reference: CVE-2020-7226
Title: WebLogic Allocation of Resources Without Limits or Throttling Vulnerability
Overview:

CiphertextHeader.java in Cryptacular 1.2.3 as used in Apereo CAS and other products allows attackers to trigger excessive memory allocation during a decode operation because the nonce array length associated with "new byte" may depend on untrusted input within the header of encoded data.
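
The pattern described above, as an added example that is not Cryptacular's code: a decoder that sizes the nonce array straight from a length field in the input, next to a version that bounds the length before allocating. The one-field header layout, the class and method names, and the 255-byte cap are assumptions made for illustration.

```java
import java.nio.ByteBuffer;

public class NonceLengthCheck {
    // Assumed cap for this example; use the largest nonce your ciphers actually need.
    static final int MAX_NONCE_LEN = 255;

    // Unsafe pattern: the length field read from the input sizes the allocation directly.
    static byte[] decodeNonceUnchecked(ByteBuffer in) {
        int nonceLen = in.getInt();
        byte[] nonce = new byte[nonceLen]; // allocated before the length is validated
        in.get(nonce);
        return nonce;
    }

    // Hardened pattern: check the declared length against a fixed cap and against
    // the bytes actually present in the input before allocating anything.
    static byte[] decodeNonceChecked(ByteBuffer in) {
        if (in.remaining() < Integer.BYTES) {
            throw new IllegalArgumentException("header truncated");
        }
        int nonceLen = in.getInt();
        if (nonceLen < 0 || nonceLen > MAX_NONCE_LEN || nonceLen > in.remaining()) {
            throw new IllegalArgumentException("bad nonce length: " + nonceLen);
        }
        byte[] nonce = new byte[nonceLen];
        in.get(nonce);
        return nonce;
    }

    public static void main(String[] args) {
        // Constructed sample: well-formed header carrying a 12-byte nonce.
        ByteBuffer good = ByteBuffer.allocate(16).putInt(12).put(new byte[12]);
        good.flip();
        System.out.println("nonce bytes: " + decodeNonceChecked(good).length);

        // Constructed sample: 4-byte input whose length field declares Integer.MAX_VALUE.
        ByteBuffer bad = ByteBuffer.allocate(4).putInt(Integer.MAX_VALUE);
        bad.flip();
        try {
            decodeNonceChecked(bad);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The same check applies to any other length-prefixed field a decoder reads from the same header.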