GHSA-5499-qjvh-6j7w
Suggest an improvement- Source
- https://github.com/advisories/GHSA-5499-qjvh-6j7w
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5499-qjvh-6j7w/GHSA-5499-qjvh-6j7w.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-5499-qjvh-6j7w
- Aliases
- Published
- 2022-05-24T19:10:03Z
- Modified
- 2023-11-08T04:06:14.334725Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- Observable Discrepancy in Wildfly Elytron
- Details
-
A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.
- References
Affected packages
Maven / org.wildfly.security:wildfly-elytron
Package
- Name
- org.wildfly.security:wildfly-elytron
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wildfly.security/wildfly-elytron
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.10.14
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
1.0.3.Final
1.0.4.Final
1.1.0.Alpha1
1.1.0.Beta1
1.1.0.Beta2
1.1.0.Beta3
1.1.0.Beta4
1.1.0.Beta5
1.1.0.Beta6
1.1.0.Beta7
1.1.0.Beta8
1.1.0.Beta9
1.1.0.Beta10
1.1.0.Beta11
1.1.0.Beta12
1.1.0.Beta13
1.1.0.Beta14
1.1.0.Beta15
1.1.0.Beta16
1.1.0.Beta17
1.1.0.Beta18
1.1.0.Beta19
1.1.0.Beta20
1.1.0.Beta21
1.1.0.Beta22
1.1.0.Beta23
1.1.0.Beta24
1.1.0.Beta25
1.1.0.Beta26
1.1.0.Beta27
1.1.0.Beta28
1.1.0.Beta29
1.1.0.Beta30
1.1.0.Beta31
1.1.0.Beta31-SP1
1.1.0.Beta32
1.1.0.Beta33
1.1.0.Beta34
1.1.0.Beta35
1.1.0.Beta36
1.1.0.Beta37
1.1.0.Beta38
1.1.0.Beta39
1.1.0.Beta40
1.1.0.Beta41
1.1.0.Beta42
1.1.0.Beta43
1.1.0.Beta44
1.1.0.Beta45
1.1.0.Beta46
1.1.0.Beta47
1.1.0.Beta48
1.1.0.Beta49
1.1.0.Beta50
1.1.0.Beta51
1.1.0.Beta52
1.1.0.Beta53
1.1.0.Beta54
1.1.0.Beta55
1.1.0.CR1
1.1.0.CR2
1.1.0.CR3
1.1.0.CR4
1.1.0.CR5
1.1.0.CR6
1.1.0.Final
1.1.1.Final
1.1.2.CR1
1.1.2.Final
1.1.3.Final
1.1.4.Final
1.1.5.Final
1.1.6.Final
1.1.7.Final
1.1.9.Final
1.1.10.Final
1.1.11.Final
1.1.12.Final
1.2.0.Beta1
1.2.0.Beta2
1.2.0.Beta3
1.2.0.Beta4
1.2.0.Beta5
1.2.0.Beta6
1.2.0.Beta7
1.2.0.Beta8
1.2.0.Beta9
1.2.0.Beta10
1.2.0.Beta11
1.2.0.Beta12
1.2.0.Final
1.2.1.Final
1.2.2.Final
1.2.3.Final
1.2.4.Final
1.3.0.Final
1.3.1.Final
1.3.2.Final
1.3.3.Final
1.4.0.Final
1.5.0.Final
1.5.1.Final
1.5.2.Final
1.5.3.Final
1.5.4.Final
1.5.5.Final
1.6.0.Final
1.6.1.Final
1.6.2.Final
1.6.3.Final
1.6.4.Final
1.6.5.Final
1.6.6.Final
1.6.7.Final
1.6.8.Final
1.7.0.CR1
1.7.0.CR2
1.7.0.CR3
1.7.0.Final
1.8.0.CR1
1.8.0.CR2
1.8.0.Final
1.9.0.CR1
1.9.0.CR2
1.9.0.CR3
1.9.0.CR4
1.9.0.CR5
1.9.0.Final
1.9.1.Final
1.10.0.CR1
1.10.0.CR2
1.10.0.CR3
1.10.0.CR4
1.10.0.CR5
1.10.0.CR6
1.10.0.Final
1.10.1.Final
1.10.2.Final
1.10.3.Final
1.10.4.Final
1.10.5.Final
1.10.6.Final
1.10.7.Final
1.10.8.Final
1.10.9.Final
1.10.10.Final
1.10.11.Final
1.10.12.Final
1.10.13.Final
Maven / org.wildfly.security:wildfly-elytron
Package
- Name
- org.wildfly.security:wildfly-elytron
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wildfly.security/wildfly-elytron
Affected versions
1.*
1.11.0.Final
1.11.1.Final
1.11.2.Final
1.11.3.Final
1.11.4.Final
1.12.0.CR1
1.12.0.CR2
1.12.0.CR3
1.12.0.Final
1.12.1.Final
1.13.0.CR1
1.13.0.CR2
1.13.0.CR3
1.13.0.CR4
1.13.0.Final
1.13.1.Final
1.13.2.Final
1.14.0.Final
1.14.1.Final
1.14.2.Final
1.15.0.CR1
1.15.0.Final
1.15.1.Final
1.15.2.Final
1.15.3.Final
1.15.4.Final
Maven / org.wildfly.security:wildfly-elytron
Package
- Name
- org.wildfly.security:wildfly-elytron
- View open source insights on deps.dev
- Purl
- pkg:maven/org.wildfly.security/wildfly-elytron