org.keycloak:keycloak-saml-wildfly-elytron-adapter@4.0.0.Beta3 vulnerabilities

  • latest version

    26.1.0

  • latest non-vulnerable version

  • first published

    7 years ago

  • latest version published

    1 month ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.keycloak:keycloak-saml-wildfly-elytron-adapter package. This does not include vulnerabilities belonging to this package’s dependencies.

    Vulnerability | Vulnerable Version
    • H
    Session Fixation

    Affected versions of this package are vulnerable to Session Fixation due to the improper handling of session IDs and JSESSIONID cookies during the login process. An attacker can hijack the current session before authentication to trigger session fixation.

    How to fix Session Fixation?

    Upgrade org.keycloak:keycloak-saml-wildfly-elytron-adapter to version 22.0.12, 24.0.7, 25.0.5 or higher.

    [,22.0.12) [24.0.0,24.0.7) [25.0.0,25.0.5)
    • H
    Session Fixation

    Affected versions of this package are vulnerable to Session Fixation via the IDs and JSESSIONID cookies during the login process. An attacker who hijacks the current session before authentication can maintain control over the session after the victim authenticates.

    How to fix Session Fixation?

    Upgrade org.keycloak:keycloak-saml-wildfly-elytron-adapter to version 25.0.5 or higher.

    [,25.0.5)