CVE-2019-10755
The CVE-2019-10755 entry concerns pac4j-saml and the 3.X release line. The issue is that the SAML identifier generated in SAML2Utils.java uses Apache Commons Lang3 RandomStringUtils, whose PRNG is not cryptographically strong, leading to predictable randomness for SAML identifiers. This weakness ...