Vulnerability	Vulnerable Version
C Authorization bypass org.jgroups:jgroups is a reliable cluster communication toolkit. Affected versions of this package are vulnerable to Authorization bypass. JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors. How to fix Authorization bypass? Upgrade `org.jgroups:jgroups` to version 3.2.16.Final, 3.6.10.Final, 2.6.22.Final or higher.	[3.2.9.Final,3.2.16.Final)[3.3.0.CR1,3.6.10.Final)[,2.6.22.Final)

Authorization bypass

org.jgroups:jgroups is a reliable cluster communication toolkit.

Affected versions of this package are vulnerable to Authorization bypass. JGroups before 4.0 does not require the proper headers for the ENCRYPT and AUTH protocols from nodes joining the cluster, which allows remote attackers to bypass security restrictions and send and receive messages within the cluster via unspecified vectors.

How to fix Authorization bypass?

Upgrade org.jgroups:jgroups to version 3.2.16.Final, 3.6.10.Final, 2.6.22.Final or higher.

[3.2.9.Final,3.2.16.Final)[3.3.0.CR1,3.6.10.Final)[,2.6.22.Final)

Go back to all versions of this package