11 matches found
ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)
org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...
Cross-site Request Forgery (CSRF)
Overview: org.pac4j:pac4j-core (pac4j) is an easy and powerful security engine for Java to authenticate users, get their profiles and manage authorizations in order to secure web applications and web services. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) d...
ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)
org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...
ai.tock:bot-test (>=22.3.0 <=23.9.1), ai.tock:bot-test-base (>=22.3.0 <=23.9.1) +1285 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=1.4.0 <=5.7.1)
org.pac4j:pac4j-core MAVEN version =1.4.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =23.9.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =22.3.0, =23.9.1 and more Source cves: CVE-2026-40458 Source advisory: OSV:GHSA-XW5C-JC7X-GF75...
ai.tock:bot-test (>=22.9.0 <=23.9.1), ai.tock:bot-test-base (>=22.9.0 <=23.9.1) +469 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=5.0.0-RC1 <=5.7.1)
org.pac4j:pac4j-core MAVEN version =5.0.0-RC1, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =22.9.0, =23.9.1 and more Source cves: CVE-2026-40458 Source advisory: SNYK:JAVA-ORGPAC4J-16109661...
CVE-2023-25581
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
Untitled
org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandler.prepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...
Exploit for CVE-2023-25581
This Python script demonstrates the exploitation of the CVE-2023...
ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +945 more potentially affected by CVE-2023-25581 via org.pac4j:pac4j-core (>=1.4.0 <=4.0.0-RC3)
org.pac4j:pac4j-core MAVEN version =1.4.0, =0.0.2, =0.0.21, =0.0.6, =0.5.0, =0.1.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2023-25581 Source advisory: OSV:GHSA-76MW-6P95-X9X5...
EUVD-2024-2974
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...
CVE-2023-25581 Deserialization of untrusted data in InternalAttributeHandler in pac4j
pac4j is a security framework for Java. pac4j-core prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the UserProfile class from pac4j-core. It can be exploited by providing an...