149 matches found
org.wildfly.core:wildfly-elytron-integration: Wildfly Elytron Brute Force Attack via CLI
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI...
GHSA-QHP6-6P8P-2RQH Wildfly Elytron integration susceptible to brute force attacks via CLI
Impact A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. Patches The default behaviour has been changed in...
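The advisory above says the integration lacked "sufficient measures to prevent multiple failed authentication attempts within a short time frame". The following is an added illustration of what such a measure looks like; it is not WildFly Elytron code and does not reproduce the project's patch. It is a per-principal sliding-window failure counter with a temporary lockout; the threshold, window, lockout duration and the user name are assumed values.

```java
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.HashMap;
import java.util.Map;

// Added example (not WildFly Elytron code): throttle repeated failed logins
// per principal. Callers consult allow() before checking credentials and
// report the outcome with recordFailure()/recordSuccess().
public final class FailedAuthThrottle {
    private final int maxFailures;          // failures tolerated inside one window
    private final Duration window;          // sliding window over which failures are counted
    private final Duration lockout;         // how long a principal stays locked once the limit is hit
    private final Map<String, Deque<Instant>> failures = new HashMap<>();
    private final Map<String, Instant> lockedUntil = new HashMap<>();

    FailedAuthThrottle(int maxFailures, Duration window, Duration lockout) {
        this.maxFailures = maxFailures;
        this.window = window;
        this.lockout = lockout;
    }

    // False while the principal is locked out; lockout state is cleared once it expires.
    synchronized boolean allow(String principal, Instant now) {
        Instant until = lockedUntil.get(principal);
        if (until != null) {
            if (now.isBefore(until)) {
                return false;
            }
            lockedUntil.remove(principal);
            failures.remove(principal);
        }
        return true;
    }

    // Record one failed attempt; drop entries older than the window; lock if the limit is reached.
    synchronized void recordFailure(String principal, Instant now) {
        Deque<Instant> recent = failures.computeIfAbsent(principal, k -> new ArrayDeque<>());
        recent.addLast(now);
        Instant cutoff = now.minus(window);
        while (!recent.isEmpty() && recent.peekFirst().isBefore(cutoff)) {
            recent.pollFirst();
        }
        if (recent.size() >= maxFailures) {
            lockedUntil.put(principal, now.plus(lockout));
        }
    }

    // A successful login resets the counter for that principal.
    synchronized void recordSuccess(String principal) {
        failures.remove(principal);
        lockedUntil.remove(principal);
    }

    public static void main(String[] args) {
        // Assumed policy: 5 failures within 60 s locks the principal for 5 minutes.
        FailedAuthThrottle throttle = new FailedAuthThrottle(5, Duration.ofSeconds(60), Duration.ofMinutes(5));
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed timeline
        String principal = "admin";                          // constructed principal

        for (int i = 0; i < 5; i++) {
            Instant now = t0.plusSeconds(i);
            if (throttle.allow(principal, now)) {
                throttle.recordFailure(principal, now); // five bad passwords in five seconds
            }
        }
        System.out.println(throttle.allow(principal, t0.plusSeconds(6)));        // false: locked out
        System.out.println(throttle.allow(principal, t0.plusSeconds(6 + 300)));  // true: lockout expired
    }
}
```

Locking by principal alone lets an attacker who knows an administrator's user name deny that administrator service; deployments that care about this pair the principal counter with a per-source-address counter or with a growing delay instead of a hard lockout. Failed attempts should also be logged with source address and principal so the brute-force attempt is visible to detection tooling.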
EUVD-2020-12577
Malware in sbrugna...
EUVD-2025-7628
Malicious code in bioql PyPI...
EUVD-2023-0497
Malicious code in bioql PyPI...
EUVD-2022-2493
Malicious code in bioql PyPI...
EUVD-2024-3427
Malicious code in bioql PyPI...
EUVD-2022-0888
Malicious code in bioql PyPI...
wildfly-elytron: possible timing attacks via use of unsafe comparator
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
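To make the advisory's point concrete, here is an added example (not Elytron code) that verifies an HMAC tag first with the early-exit comparison the advisory flags, then with the length-constant one it recommends, alongside a hand-written equivalent. The key and message are constructed demo values.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example (not Elytron code): leaky vs. constant-time tag comparison.
public class TagCompare {

    static byte[] hmacSha256(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(message);
    }

    // VULNERABLE: Arrays.equals returns at the first mismatching byte, so the
    // time taken grows with the number of correct leading bytes. An attacker who
    // can measure the response time can recover the tag one byte at a time.
    static boolean verifyTagLeaky(byte[] key, byte[] message, byte[] presentedTag) throws Exception {
        return Arrays.equals(hmacSha256(key, message), presentedTag);
    }

    // HARDENED (the advisory's recommendation): MessageDigest.isEqual examines
    // every byte regardless of where the first difference is, so the time taken
    // does not depend on how much of the secret the attacker has guessed.
    static boolean verifyTagSafe(byte[] key, byte[] message, byte[] presentedTag) throws Exception {
        return MessageDigest.isEqual(hmacSha256(key, message), presentedTag);
    }

    // The same idea written out, for platforms without a vetted primitive:
    // XOR each byte pair and OR the results so the loop never exits early.
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        if (a.length != b.length) {
            return false; // tag length is public (fixed by the MAC), so this branch leaks nothing secret
        }
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "assumed-demo-key-not-for-real-use".getBytes(StandardCharsets.UTF_8); // constructed
        byte[] msg = "user=alice;role=admin".getBytes(StandardCharsets.UTF_8);              // constructed
        byte[] tag = hmacSha256(key, msg);

        byte[] forgedAllButLast = tag.clone();
        forgedAllButLast[tag.length - 1] ^= 0x01; // 31 correct bytes followed by one wrong byte

        System.out.println(verifyTagLeaky(key, msg, tag));              // true
        System.out.println(verifyTagLeaky(key, msg, forgedAllButLast)); // false, but only after 31 matching byte compares
        System.out.println(verifyTagSafe(key, msg, forgedAllButLast));  // false, with the same work as any other mismatch
        System.out.println(constantTimeEquals(tag, tag));               // true
    }
}
```

Which code paths count: any comparison of a value an attacker can influence against a secret (password hashes, MAC tags, session or CSRF tokens, OTPs). Whether a given JIT happens to vectorise Arrays.equals on a given CPU is irrelevant to the fix; the comparison must be constant-time by construction, not by luck of the optimiser.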
EAP: wildfly-elytron has a SSRF security issue
A flaw was found in JwtValidator.resolvePublicKey in JBoss EAP, where the validator checks jku and sends a HTTP request. During this process, no whitelisting or other filtering behavior is performed on the destination URL address, which may result in a server-side request forgery SSRF vulnerabili...
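The advisory describes a validator that follows the token's jku header to fetch a key without filtering the destination. The following added example is not the EAP/Elytron code or its fix; it shows the unfiltered pattern beside an allowlist check of the kind a practitioner would expect in front of any such fetch. The trusted host names, the tokens and the regex-based header extraction are assumptions for the demo.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Locale;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (not EAP/Elytron code): gate a jku-driven key fetch behind an allowlist.
public class JkuAllowlist {

    // Hosts permitted to serve JWKS documents for this deployment (assumed values).
    static final Set<String> TRUSTED_JWKS_HOSTS = Set.of("login.example.com", "sso.example.org");

    // Pull "jku" out of a compact JWT's header without a JSON library.
    // Adequate for the demo; a real validator uses its JSON parser.
    static String extractJku(String compactJwt) {
        String headerB64 = compactJwt.split("\\.", 2)[0];
        String header = new String(Base64.getUrlDecoder().decode(headerB64), StandardCharsets.UTF_8);
        Matcher m = Pattern.compile("\"jku\"\\s*:\\s*\"([^\"]*)\"").matcher(header);
        return m.find() ? m.group(1) : null;
    }

    // VULNERABLE pattern: the header is unauthenticated at this point, so an
    // attacker-minted token can point the fetch at cloud metadata, an internal
    // admin port, or a host the attacker controls.
    static URI resolveKeyUrlUnfiltered(String compactJwt) {
        return URI.create(extractJku(compactJwt));
    }

    // HARDENED: https only, no userinfo, default port, exact host allowlist.
    // Everything is decided before any socket is opened.
    static URI resolveKeyUrlAllowlisted(String compactJwt) {
        String jku = extractJku(compactJwt);
        if (jku == null) throw new SecurityException("no jku in header");
        URI uri;
        try {
            uri = new URI(jku);
        } catch (URISyntaxException e) {
            throw new SecurityException("malformed jku", e);
        }
        if (!"https".equalsIgnoreCase(uri.getScheme())) throw new SecurityException("jku must be https");
        if (uri.getRawUserInfo() != null) throw new SecurityException("jku must not carry credentials");
        if (uri.getPort() != -1 && uri.getPort() != 443) throw new SecurityException("jku must use the default port");
        String host = uri.getHost();
        if (host == null || !TRUSTED_JWKS_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new SecurityException("jku host not trusted: " + host);
        }
        return uri;
    }

    // Build a compact JWT with the given header; payload is "{}" and the signature is a dummy.
    static String jwtWithHeader(String headerJson) {
        String h = Base64.getUrlEncoder().withoutPadding().encodeToString(headerJson.getBytes(StandardCharsets.UTF_8));
        return h + ".e30.sig";
    }

    public static void main(String[] args) {
        // Constructed tokens: one legitimate, one aimed at link-local metadata, one using
        // userinfo to make the trusted name appear in the URL while pointing elsewhere.
        String good  = jwtWithHeader("{\"alg\":\"RS256\",\"kid\":\"k1\",\"jku\":\"https://login.example.com/.well-known/jwks.json\"}");
        String ssrf  = jwtWithHeader("{\"alg\":\"RS256\",\"jku\":\"http://169.254.169.254/latest/meta-data/\"}");
        String spoof = jwtWithHeader("{\"alg\":\"RS256\",\"jku\":\"https://login.example.com@evil.example/jwks\"}");

        System.out.println(resolveKeyUrlUnfiltered(ssrf));   // the unfiltered path hands back the metadata URL
        System.out.println(resolveKeyUrlAllowlisted(good));  // https://login.example.com/.well-known/jwks.json
        for (String bad : new String[] {ssrf, spoof}) {
            try {
                resolveKeyUrlAllowlisted(bad);
            } catch (SecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

An allowlist limits where the server will connect; it does not by itself stop a trusted host from redirecting elsewhere, so the HTTP client that performs the fetch should have redirects disabled and a short timeout. The stronger design is to ignore jku entirely and select keys by kid from a JWKS endpoint fixed in the server's own configuration.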
io.hawt:hawtio-wildfly (=2.17.7), io.kokuwa.keycloak:keycloak-event-metrics (>=0.1.0 <=1.0.0) +133 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=1.17.0.Final <=2.2.8.Final)
org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =1.17.0.Final, =0.1.0, =9.4.45.v20220203, =9.4.45.v20220203, =9.4.45.v20220203, =10.0.8, =12.0.1, =12.0.1, =12.0.1, =10.0.10, =13.0.0.CR1, =3.1.0.Final, =3.1.1.Alpha1 - org.jboss.resteasy.spring:galleon-feature-pack-layers-metadata-test...
org.eclipse.jetty.documentation:code-examples (>=10.0.22 <=11.0.25), org.eclipse.jetty:infinispan-common (>=10.0.21 <=11.0.25) +15 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron (>=2.3.0.Final <=2.6.0.Final)
org.wildfly.security:wildfly-elytron MAVEN version =2.3.0.Final, =10.0.22, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =26.0.0, =26.0.0, =26.0.0, =2.1.0.Final, =2.1.0.Final, =2.1.4.Final and more Source cves: CVE-2024-12369 Source advisory: OSV:GHSA-5565-3C98-G6JC...
br.eti.clairton:ds-test (>=1.0.1 <=1.2.1), br.unb.erlangms:ems_java (=1.0.8.8) +394 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron (>=1.17.0.Final <=2.2.7.Final)
org.wildfly.security:wildfly-elytron MAVEN version =1.17.0.Final, =1.0.1, =1.6.10, =1.6.10, =2020.10.30-4240, =2020.10.30-4240, =6.2.0, =0.1.0, =1.0.1, =6.3.0, =0.2.10-wildfly15, =0.2.10-wildfly15, =0.2, =0.3...
GHSA-5565-3C98-G6JC WildFly Elytron OpenID Connect Client Extension: OIDC authorization code injection attack
Impact A vulnerability was found in OIDC-Client. When using the elytron-oidc-client subsystem with WildFly, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is...
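The attack described above redeems a code stolen from a victim inside the attacker's own session. The added example below is not the elytron-oidc-client code or its patch; it is a toy relying party and authorization server showing the standard binding that defeats this: PKCE (RFC 7636) ties each code to the code_verifier held by the session that started the flow, and the OIDC nonce ties the resulting ID token to that same session. All identifiers and the "stolen code" scenario are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

// Added example (not elytron-oidc-client code): PKCE + nonce binding against code injection.
public class CodeInjectionDefense {
    static final SecureRandom RNG = new SecureRandom();
    static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    static String randomToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return B64URL.encodeToString(b);
    }

    // RFC 7636 S256: code_challenge = BASE64URL(SHA256(ASCII(code_verifier)))
    static String s256(String codeVerifier) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(codeVerifier.getBytes(StandardCharsets.US_ASCII));
        return B64URL.encodeToString(d);
    }

    static boolean ctEquals(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    // Values the relying party stores in the browser session before redirecting to the provider.
    static final class ClientSession {
        final String state = randomToken();         // binds the callback to this session (CSRF)
        final String nonce = randomToken();         // must reappear in the ID token
        final String codeVerifier = randomToken();  // never leaves the RP; only its hash is sent
    }

    // Toy authorization server: each code remembers the challenge and nonce it was issued under.
    static final class AuthServer {
        private final Map<String, String[]> issued = new HashMap<>(); // code -> {challenge, nonce}

        String authorize(String codeChallenge, String nonce) {
            String code = randomToken();
            issued.put(code, new String[] {codeChallenge, nonce});
            return code;
        }

        // Token endpoint: codes are single-use, and the presented verifier must hash to the bound challenge.
        String exchange(String code, String codeVerifier) throws Exception {
            String[] bound = issued.remove(code);
            if (bound == null) throw new SecurityException("unknown or already redeemed code");
            if (!ctEquals(s256(codeVerifier), bound[0])) {
                throw new SecurityException("code_verifier does not match the code_challenge this code was issued for");
            }
            return "id_token{nonce=" + bound[1] + "}"; // stands in for a signed ID token
        }
    }

    // Relying-party callback: check state, redeem with THIS session's verifier, check nonce against THIS session.
    static String handleCallback(AuthServer as, ClientSession session, String returnedState, String code) throws Exception {
        if (!ctEquals(returnedState, session.state)) throw new SecurityException("state mismatch");
        String idToken = as.exchange(code, session.codeVerifier);
        if (!idToken.contains("nonce=" + session.nonce + "}")) {
            throw new SecurityException("nonce mismatch: ID token was not minted for this session");
        }
        return idToken;
    }

    public static void main(String[] args) throws Exception {
        AuthServer as = new AuthServer();

        // Honest flow: the victim's code is redeemed in the victim's own session.
        ClientSession victim = new ClientSession();
        String victimCode = as.authorize(s256(victim.codeVerifier), victim.nonce);
        System.out.println("victim login: " + handleCallback(as, victim, victim.state, victimCode));

        // Injection attempt: the attacker starts a flow of their own (so state is valid for their
        // session) but substitutes a second code captured from the victim's redirect.
        String stolenCode = as.authorize(s256(victim.codeVerifier), victim.nonce);
        ClientSession attacker = new ClientSession();
        as.authorize(s256(attacker.codeVerifier), attacker.nonce); // attacker's own code, left unused
        try {
            handleCallback(as, attacker, attacker.state, stolenCode);
            System.out.println("INJECTION SUCCEEDED: attacker session now carries the victim's identity");
        } catch (SecurityException e) {
            System.out.println("injection blocked: " + e.getMessage());
        }
    }
}
```

The state check alone does not help here, because the attacker supplies a state that is valid for their own session. The token endpoint rejects the stolen code because the attacker's verifier does not hash to the challenge the victim's session registered; had the server not enforced PKCE, the relying party's nonce check would still reject the ID token, since it carries the victim's nonce rather than the attacker's. Only when neither binding is checked does the scenario in the advisory succeed.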