org.wildfly.security:wildfly-elytron-http-oidc@1.18.3.Final vulnerabilities

latest version

2.6.0.Final

latest non vulnerable version

2.6.0.Final

first published

3 years ago

latest version published

2 months ago

licenses detected

Apache-2.0
[1.15.7.Final,)

package manager

View on Maven Repository

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.wildfly.security:wildfly-elytron-http-oidc package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
H Insufficient Verification of Data Authenticity Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to a flaw in the `OidcSessionTokenStore` when determining if a cached token should be used. This logic fails to properly consider the new `provider-url` option alongside the `realm` option, leading to improper authentication handling. How to fix Insufficient Verification of Data Authenticity? Upgrade `org.wildfly.security:wildfly-elytron-http-oidc` to version 2.2.5.Final or higher.	[,2.2.5.Final)

Insufficient Verification of Data Authenticity

Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity due to a flaw in the OidcSessionTokenStore when determining if a cached token should be used. This logic fails to properly consider the new provider-url option alongside the realm option, leading to improper authentication handling.

How to fix Insufficient Verification of Data Authenticity?

Upgrade org.wildfly.security:wildfly-elytron-http-oidc to version 2.2.5.Final or higher.

[,2.2.5.Final)

Go back to all versions of this package