Session Fixation Affecting org.infinispan:infinispan-spring5-embedded package, versions [,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)
Attack Complexity: High
User Interaction: Required
Confidentiality: High
snyk-id: SNYK-JAVA-ORGINFINISPAN-540491
published: 2 Jan 2020
disclosed: 2 Jan 2020
credit: Car7ograph3r
Introduced: 2 Jan 2020
CVE-2019-10158
How to fix?
Upgrade org.infinispan:infinispan-spring5-embedded to version 9.4.15.Final, 10.0.0.Beta4 or higher.
Overview
org.infinispan:infinispan-spring5-embedded is a Java library for Infinispan Spring 5 Embedded Support.
Affected versions of this package are vulnerable to Session Fixation. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.