io.openliberty:openliberty-runtime@20.0.0.1 vulnerabilities

latest version

24.0.0.12

latest non vulnerable version

24.0.0.12

first published

7 years ago

latest version published

15 days ago

licenses detected

EPL-1.0
[17.0.0.3,23.0.0.3)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the io.openliberty:openliberty-runtime package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
L Username Enumeration io.openliberty:openliberty-runtime is a dynamic application server runtime environment. Affected versions of this package are vulnerable to Username Enumeration. Liberty could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts. How to fix Username Enumeration? Upgrade `io.openliberty:openliberty-runtime` to version 21.0.0.10 or higher.	[17.0.0.3,21.0.0.10)

Username Enumeration

io.openliberty:openliberty-runtime is a dynamic application server runtime environment.

Affected versions of this package are vulnerable to Username Enumeration. Liberty could allow a remote user to enumerate usernames due to a difference of responses from valid and invalid login attempts.

How to fix Username Enumeration?

Upgrade io.openliberty:openliberty-runtime to version 21.0.0.10 or higher.

[17.0.0.3,21.0.0.10)

Go back to all versions of this package