org.apache.cxf:cxf-rt-ws-security@3.1.6 vulnerabilities
-
latest version
4.0.5
-
latest non vulnerable version
-
first published
17 years ago
-
latest version published
4 months ago
-
licenses detected
- [2.0.6,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.cxf:cxf-rt-ws-security package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user. |
[,3.0.14)
[3.1.0,3.1.11)
|