Session Fixation Affecting org.infinispan:infinispan-spring5-remote package, versions [,9.4.15.Final) [10.0.0.Alpha1,10.0.0.Beta4)


0.0
medium
  • Attack Complexity

    High

  • User Interaction

    Required

  • Confidentiality

    High

  • snyk-id

    SNYK-JAVA-ORGINFINISPAN-540492

  • published

    2 Jan 2020

  • disclosed

    2 Jan 2020

  • credit

    Car7ograph3r

How to fix?

Upgrade org.infinispan:infinispan-spring5-remote to version 9.4.15.Final, 10.0.0.Beta4 or higher.
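To check a build against the affected ranges stated above, the following added example (not part of the advisory or of Infinispan) scans `mvn dependency:list` style output for this artifact. The sample output is constructed, and the qualifier ordering (Alpha < Beta < CR < Final) is a simplified assumption for Infinispan-style version strings, not the full Maven version ordering.

```python
import re

ARTIFACT = "org.infinispan:infinispan-spring5-remote"
# Ranges from the advisory: [,9.4.15.Final) and [10.0.0.Alpha1,10.0.0.Beta4)
AFFECTED = [(None, "9.4.15.Final"), ("10.0.0.Alpha1", "10.0.0.Beta4")]
# Assumed qualifier order (simplified; not the complete Maven ordering rules)
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "final": 3}

def version_key(version):
    """Turn e.g. '10.0.0.Beta4' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)\.([A-Za-z]+)(\d*)", version)
    if not m or m.group(4).lower() not in QUALIFIER_RANK:
        raise ValueError(f"unsupported version format: {version}")
    major, minor, patch, qual, num = m.groups()
    return (int(major), int(minor), int(patch),
            QUALIFIER_RANK[qual.lower()], int(num or 0))

def is_affected(version):
    """True if version falls in one of the half-open affected ranges."""
    key = version_key(version)
    for low, high in AFFECTED:
        above_low = low is None or key >= version_key(low)
        if above_low and key < version_key(high):
            return True
    return False

def scan_dependency_list(text):
    """Return (version, affected) per occurrence; affected is None if unparseable."""
    findings = []
    pattern = re.escape(ARTIFACT) + r":jar:([^:\s]+)"
    for line in text.splitlines():
        m = re.search(pattern, line)
        if not m:
            continue
        try:
            findings.append((m.group(1), is_affected(m.group(1))))
        except ValueError:
            findings.append((m.group(1), None))  # needs manual review
    return findings

# Constructed sample of `mvn dependency:list` output
SAMPLE = """[INFO] The following files have been resolved:
[INFO]    org.springframework:spring-core:jar:5.1.9.RELEASE:compile
[INFO]    org.infinispan:infinispan-spring5-remote:jar:9.4.14.Final:compile
"""

if __name__ == "__main__":
    for version, affected in scan_dependency_list(SAMPLE):
        print(ARTIFACT, version, "AFFECTED" if affected else "ok or unknown")
```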

Overview

org.infinispan:infinispan-spring5-remote is a package for Infinispan Spring 5 Remote Support.

Affected versions of this package are vulnerable to Session Fixation. An improper implementation of the session fixation protection in the Spring Session integration can result in incorrect session handling.