org.wildfly.security:wildfly-elytron@1.10.17.Final vulnerabilities

  • latest version

    2.6.4.Final

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    2 months ago

  • licenses detected

  • package registry

  • Direct Vulnerabilities

    Known vulnerabilities in the org.wildfly.security:wildfly-elytron package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Session Fixation

    org.wildfly.security:wildfly-elytron is a new WildFly sub-project which is completely replacing the combination of PicketBox and JAAS as the WildFly client and server security mechanism.

    Affected versions of this package are vulnerable to Session Fixation. When using FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack.

    How to fix Session Fixation?

    Upgrade org.wildfly.security:wildfly-elytron to version 1.6.7.Final, 1.11.4.Final or higher.

    [,1.6.7.Final)[1.7.0.CR1,1.11.4.Final)