CVE-2026-40458

PAC4J is vulnerable to Cross-Site Request Forgery CSRF. A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the...

ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +945 more potentially affected by CVE-2023-25581 via org.pac4j:pac4j-core (>=1.4.0 <=4.0.0-RC3)

org.pac4j:pac4j-core MAVEN version =1.4.0, =0.0.2, =0.0.21, =0.0.6, =0.5.0, =0.1.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2023-25581 Source advisory: OSV:GHSA-76MW-6P95-X9X5...

CVE-2023-25581

The CVE-2023-25581 entry concerns pac4j-core before 4.0.0, where a Java deserialization vulnerability in UserProfile attributes can be triggered by a serialized object with a {#sb64} prefix and Base64 encoding, potentially leading to RCE. Affected versions are prior to 4.0.0; 4.0.0 and later are ...