org.apache.cxf:cxf-rt-rs-security-sso-oidc@3.2.4 vulnerabilities
latest version
4.1.0
latest non vulnerable version
first published
10 years ago
latest version published
2 months ago
licenses detected
- [3.0.3,)
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.cxf:cxf-rt-rs-security-sso-oidc package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
org.apache.cxf:cxf-rt-rs-security-sso-oidc is an Apache CXF Runtime OpenId Connect library. Affected versions of this package are vulnerable to Improper Access Control. There is a vulnerability in the access token services, where it does not validate that the authenticated principal is equal to that of the supplied clientId parameter in the request. If a malicious client was able to somehow steal an authorization code issued to another client, then they could exploit this vulnerability to obtain an access token for the other client. How to fix Improper Access Control? Upgrade | [3.3.0,3.3.4)[3.2.0,3.2.11) |