20 matches found
Predictable Seed in Pseudo-Random Number Generator (PRNG)
Overview Affected versions of this package are vulnerable to Predictable Seed in Pseudo-Random Number Generator PRNG via the use of RandomStringUtils with the default java.util.Random PRNG. An attacker can recover sensitive information by predicting the server-side encryption key if they can obta...
EUVD-2019-0762
Malware in sbrugna...
EUVD-2022-3859
Malicious code in bioql PyPI...
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
GHSA-6GCH-63WP-4V5F Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928 Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928 Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
In Apache Linkis = 1.5.0, a Random string security vulnerability in Spark EngineConn, random string generated by the Token when starting Py4j uses the Commons Lang's RandomStringUtils. Users are recommended to upgrade to version 1.6.0, which fixes this issue...
CVE-2024-39928
Summary of CVE-2024-39928 (Apache Linkis Spark EngineConn) Affected software: Apache Linkis Spark EngineConn in versions up to 1.5.0 (engine component referenced as EngineConn/Spark EngineConn). Vulnerability: Random string generation for Py4j token uses Commons Lang’s RandomStringUtils, enabling...
PT-2024-28740 · Apache · Spark Engineconn +2
Name of the Vulnerable Software and Affected Versions: Apache Linkis versions 1.3.0 through 1.5.0 Description: A Random string security vulnerability exists in Spark EngineConn, where the random string generated by the Token when starting Py4j uses Commons Lang's RandomStringUtils. Recommendation...
GHSA-G24W-373R-5PXG Use of Insufficiently Random Values in Apereo CAS
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
CVE-2019-10755
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml...
CVE-2019-10754
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong...
Insecure Randomness
Overview org.apereo.cas:cas-server-support-shell is a package for the CAS command-line shell provides the ability to query the CAS server for help on available settings/modules and various other utility functions. Affected versions of this package are vulnerable to Insecure Randomness. A insecure...
CVE-2019-16303
CVE-2019-16303 affects JHipster-generated apps: a class produced by the Generator (before 6.3.0) and JHipster Kotlin (through 1.1.0) uses an insecure RNG (apache.commons.lang3 RandomStringUtils) to create password reset tokens. This can enable an attacker who obtains their own password reset URL ...