4 matches found
io.wcm:io.wcm.testing.wcm-io-mock.caconfig (=1.2.0), org.apache.jackrabbit:oak-auth-external (>=1.10.0 <=1.10.7) +14 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.10.0 <=1.10.7)
org.apache.jackrabbit:oak-core MAVEN version =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.0, =1.10.7 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5H...
com.adobe.cq:core.wcm.components.testing.aem-mock-plugin (>=2.22.0 <=2.30.4), com.cognifide.aem.bundle:com.cognifide.aem.bundle.gradle.plugin (=12.0.0-beta) +58 more potentially affected by CVE-2020-1940 via org.apache.jackrabbit:oak-core (>=1.12.0 <=1.22.9)
org.apache.jackrabbit:oak-core MAVEN version =1.12.0, =2.22.0, =5.0.0, =5.0.0, =5.0.0, =1.5.0, =1.0.0, =1.1.0 and more Source cves: CVE-2020-1940 Source advisory: OSV:GHSA-3H68-WVV6-8R5H https://vulners.com/osv/OSV:GHSA-3H6...
Information Disclosure
oak-core is vulnerable to information disclosure. The optional initial password change and password expiration features cause the new password to be disclosed because the credentials object is retained and not removed upon a successful password change...
Timing Attack
Oak Core is vulnerable to timing attacks. The server gives different responses for existing and non-existing user names, allowing attackers to focus on guessing passwords for existing accounts...