acegisecurity:acegi-security (>=0.8.2 <=0.9.0), acegisecurity:acegi-security-cas (=0.9.0) +15092 more potentially affected by CVE-2021-37533 via commons-net:commons-net (>=1.0.0 <=3.8.0)

commons-net:commons-net MAVEN version =1.0.0, =0.8.2, =0.25-rc1, =0.25-rc1, =0.25, =0.25, =1.2.7 and more Source cves: CVE-2021-37533 Source advisory: OSV:GHSA-CGP8-4M63-FHH5...

Information Disclosure

commons-net is vulnerable to information disclosure. The vulnerability is possible because newStringUtf8 in Base64.java does not prevent the storage of sensitive data in a String object which would not be deleted until the JVM performs garbage collection. There is a chance for an attacker to...