Homepage

org.wildfly:wildfly-ejb3@20.0.0.Final vulnerabilities

  • latest version

    34.0.1.Final

  • latest non vulnerable version

    35.0.0.Beta1

  • first published

    11 years ago

  • latest version published

    1 months ago

  • licenses detected

  • package manager

    View on Maven Repository
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the org.wildfly:wildfly-ejb3 package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • L
    Improper Access Control

    org.wildfly:wildfly-ejb3 is a WildFly Application Server

    Affected versions of this package are vulnerable to Improper Access Control when returning an incorrect caller principal under certain heavily concurrent situations when Elytron Security is used. This flaw allows an attacker to gain improper access to information they should not have.

    Note: JBoss EAP 7.1 until 7.4 is not affected by default as it comes with Legacy Security enabled out-of-the-box.

    How to fix Improper Access Control?

    Upgrade org.wildfly:wildfly-ejb3 to version 26.1.1.Final, 27.0.0.Alpha2 or higher.

    [,26.1.1.Final)[27.0.0.Alpha1,27.0.0.Alpha2)
    Go back to all versions of this package