Session Fixation Affecting org.infinispan:infinispan-spring5-embedded package, versions [,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)


0.0
medium
  • Attack Complexity: High

  • User Interaction: Required

  • Confidentiality: High

  • snyk-id: SNYK-JAVA-ORGINFINISPAN-540491

  • published: 2 Jan 2020

  • disclosed: 2 Jan 2020

  • credit: Car7ograph3r

How to fix?

Upgrade org.infinispan:infinispan-spring5-embedded to version 9.4.15.Final, 10.0.0.Beta4 or higher.
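
To check whether a version pinned in a build is inside the affected ranges, the interval notation from the title can be evaluated directly. The following Python script is an added example, not code from Snyk or Infinispan; its comparator is a simplified assumption that only covers the `major.minor.micro[.QualifierN]` scheme seen in this advisory and rejects anything else.

```python
import re

# Affected ranges, copied from the advisory title.
AFFECTED = "[,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)"

# Assumed qualifier order (Maven-style): pre-releases sort before the release;
# "Final", "GA" and no qualifier all denote the release itself.
_QUALIFIER_RANK = {"alpha": 0, "beta": 1, "m": 2, "cr": 3, "rc": 3,
                   "snapshot": 4, "": 5, "final": 5, "ga": 5, "sp": 6}
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]([A-Za-z]+)(\d*))?$")


def parse_version(text):
    """Return a sortable tuple for a major.minor.micro[.QualifierN] version."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unsupported version format: {text!r}")
    major, minor, micro, qual, qnum = m.groups()
    qual = (qual or "").lower()
    if qual not in _QUALIFIER_RANK:
        raise ValueError(f"unknown qualifier in {text!r}")
    return (int(major), int(minor), int(micro),
            _QUALIFIER_RANK[qual], int(qnum or 0))


def parse_ranges(spec):
    """Parse interval notation: '[' / ']' inclusive, '(' / ')' exclusive."""
    ranges = []
    for open_b, low, high, close_b in re.findall(
            r"([\[(])\s*([^,\s]*)\s*,\s*([^\])\s]*)\s*([\])])", spec):
        ranges.append((parse_version(low) if low else None, open_b == "[",
                       parse_version(high) if high else None, close_b == "]"))
    return ranges


def is_affected(version, spec=AFFECTED):
    """True when `version` falls inside any range of `spec`."""
    v = parse_version(version)
    for low, low_inc, high, high_inc in parse_ranges(spec):
        above = low is None or v > low or (low_inc and v == low)
        below = high is None or v < high or (high_inc and v == high)
        if above and below:
            return True
    return False


if __name__ == "__main__":
    for candidate in ("9.4.14.Final", "9.4.15.Final", "10.0.0.Beta3", "10.0.0.Beta4"):
        print(candidate, "affected" if is_affected(candidate) else "not affected")
```

An unrecognised version string raises `ValueError` rather than being reported as unaffected, so a build check based on this fails closed.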

Overview

org.infinispan:infinispan-spring5-embedded is a Java library for Infinispan Spring 5 Embedded Support.

Affected versions of this package are vulnerable to Session Fixation. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.