26.1.0
7 years ago
1 month ago
Known vulnerabilities in the org.keycloak:keycloak-saml-wildfly-elytron-adapter package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
Affected versions of this package are vulnerable to Session Fixation due to the improper handling of session IDs and JSESSIONID cookies during the login process. An attacker can hijack the current session before authentication to trigger session fixation. How to fix Session Fixation? Upgrade | [,22.0.12) [24.0.0,24.0.7) [25.0.0,25.0.5) |
Affected versions of this package are vulnerable to Session Fixation via the How to fix Session Fixation? Upgrade | [,25.0.5) |