eap7-xml-security vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the eap7-xml-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Directory Traversal	<0:2.3.5-1.redhat_00001.1.el8eap
H Server-Side Request Forgery (SSRF)	<0:2.3.4-1.redhat_00002.1.el8eap
H Server-Side Request Forgery (SSRF)	<0:2.3.4-1.redhat_00002.1.el8eap
H Cross-site Scripting (XSS)	<0:2.3.4-1.redhat_00002.1.el8eap
M Link Following	<0:2.2.6-1.redhat_00002.1.el8eap
M Information Exposure Through Log Files	<0:2.2.6-1.redhat_00002.1.el8eap
H Improper Input Validation	<0:2.1.4-1.redhat_00001.1.el8eap
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el8eap
M Files or Directories Accessible to External Parties	<0:2.1.7-1.redhat_00001.1.el8eap
H Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade')	<0:2.1.4-1.redhat_00001.1.el8eap
M Resource Exhaustion	<0:2.1.7-1.redhat_00001.1.el8eap
H Out-of-bounds Read	<0:2.1.4-1.redhat_00001.1.el8eap
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el8eap
H Resource Exhaustion	<0:2.1.4-1.redhat_00001.1.el8eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el8eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el8eap
H HTTP Request Smuggling	<0:2.1.4-1.redhat_00001.1.el8eap
M Resource Exhaustion	<0:2.1.7-1.redhat_00001.1.el8eap
M Information Exposure	<0:2.1.7-1.redhat_00001.1.el8eap
H Deserialization of Untrusted Data	<0:2.1.4-1.redhat_00001.1.el8eap