Lucene search
K

5 matches found

RedHat Linux
RedHat Linux
added 2025/06/25 12:21 a.m.4 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/06/25 12:16 a.m.8 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/06/04 11:7 a.m.7 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2024/06/03 5:2 p.m.4 views

EAP: wildfly-elytron has a SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References7
OSV
OSV
added 2024/04/09 9:31 a.m.8 views

GHSA-V4MM-Q8FV-R2W5 WildFly Elytron: SSRF security issue

A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...

7.3CVSS5.8AI score0.00778EPSS
Exploits0References16
Rows per page
Query Builder