Session Fixation Affecting org.infinispan:infinispan-spring5-embedded package, versions [,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)

Attack Complexity

High
User Interaction

Required
Confidentiality

High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

snyk-id

SNYK-JAVA-ORGINFINISPAN-540491
published

2 Jan 2020
disclosed

2 Jan 2020
credit

Car7ograph3r

Report a new vulnerability Found a mistake?

Introduced: 2 Jan 2020

CVE-2019-10158 Open this link in a new tab CWE-384 Open this link in a new tab

How to fix?

Upgrade org.infinispan:infinispan-spring5-embedded to version 9.4.15.Final, 10.0.0.Beta4 or higher.

Overview

org.infinispan:infinispan-spring5-embedded is a Java library for Infinispan Spring 5 Embedded Support.

Affected versions of this package are vulnerable to Session Fixation. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.

Session Fixation Affecting org.infinispan:infinispan-spring5-embedded package, versions [,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)

Attack Complexity

User Interaction

Confidentiality

snyk-id

published

disclosed

credit

Introduced: 2 Jan 2020

How to fix?

Overview

References