ai.tock:bot-test (=23.9.2), ai.tock:bot-test-base (=23.9.2) +498 more potentially affected by CVE-2026-40458 via org.pac4j:pac4j-core (>=6.0.0-RC1 <=6.4.0)

org.pac4j:pac4j-core MAVEN version =6.0.0-RC1, =6.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.pac4j:pac4j-core and may be impacted: - ai.tock:bot-test =23.9.2 - ai.tock:bot-test-base =23.9.2 - ai.tock:bot-toolkit =23.9.2 -...

Untitled

org.pac4j:pac4j-core is vulnerable to Deserialization of Untrusted Data. The vulnerability is due to the handling of serialized Java objects inside the InternalAttributeHandlerprepare method. An attacker can execute arbitrary code by providing a specially crafted attribute that contains a...

ca.ibodrov.concord:testcontainers-concord (>=0.0.2 <=0.0.20), ca.ibodrov.concord:testcontainers-concord-core (>=0.0.21 <=2.0.2) +945 more potentially affected by CVE-2023-25581 via org.pac4j:pac4j-core (>=1.4.0 <=4.0.0-RC3)

org.pac4j:pac4j-core MAVEN version =1.4.0, =0.0.2, =0.0.21, =0.0.6, =0.5.0, =0.1.0, =12.1.0, =12.1.1, =12.1.2, =12.1.0, =12.1.4, =1.1.0, =1.1.0, =1.1.0, =1.1.2 and more Source cves: CVE-2023-25581 Source advisory: OSV:GHSA-76MW-6P95-X9X5...