org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI

A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...

Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI

Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...

org.wildfly.core:wildfly-core-feature-pack-common (>=30.0.0.Beta1 <=31.0.2.Final), org.wildfly.core:wildfly-core-galleon-pack (>=30.0.0.Beta1 <=31.0.2.Final) +1 more potentially affected by CVE-2025-23368 via org.wildfly.core:wildfly-elytron-integration (>=30.0.0.Beta1 <=31.0.2.Final)

org.wildfly.core:wildfly-elytron-integration MAVEN version =30.0.0.Beta1, =30.0.0.Beta1, =30.0.0.Beta1, =30.0.0.Beta1, =31.0.2.Final Source cves: CVE-2025-23368 Source advisory: OSV:GHSA-QHP6-6P8P-2RQH...

BIT-WILDFLY-2022-0866

This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. In particular, the org.jboss.as.ejb3.component.EJBComponent class has an incomingRunAsIdentity field. This field is used by the...

EUVD-2020-12577

Malware in sbrugna...

EUVD-2019-13503

Malware in sbrugna...

EUVD-2022-15908

Malicious code in bioql PyPI...

EUVD-2025-7628

Malicious code in bioql PyPI...

EUVD-2022-4736

Malicious code in bioql PyPI...

EUVD-2023-0497

Malicious code in bioql PyPI...

EUVD-2022-2493

Malicious code in bioql PyPI...

EUVD-2024-3427

Malicious code in bioql PyPI...

EUVD-2022-0888

Malicious code in bioql PyPI...

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

wildfly-elytron: possible timing attacks via use of unsafe comparator

A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...