2 matches found
com.github.httpmock:mock-http-server-junit (>=1.0.0 <=1.1.5), com.github.httpmock:mock-http-server-standalone (>=1.0.0 <=1.1.9) +41 more potentially affected by CVE-2011-4367 via org.apache.myfaces.core:myfaces-impl (>=2.1.0 <=2.1.5)
org.apache.myfaces.core:myfaces-impl MAVEN
version =2.1.0, =1.0.0, =1.0.0, =0.9.5, =0.9.6, =0.9.6, =2.4.2, =2.1.0, =2.1.0, =2.1.3, =2.1.3, =2.1.3, =2.1.3, =1.0.1, =1.5.1, =1.5.1, =1.7.5 and more
Source CVEs: CVE-2011-4367
Source advisory: OSV:GHSA-GJFX-9WX3-J6R7...
Insecure Anti-CSRF Tokens
myfaces-impl uses a cryptographically insecure source of randomness for anti-CSRF tokens. Use of these insecure tokens would allow an attacker to predict subsequent anti-CSRF token values and successfully perform requests on behalf of the users...