CVE-2023-25581
- EPSS 19.03%
- Veröffentlicht 10.10.2024 16:15:04
- Zuletzt bearbeitet 15.10.2024 12:58:51
pac4j is a security framework for Java. `pac4j-core` prior to version 4.0.0 is affected by a Java deserialization vulnerability. The vulnerability affects systems that store externally controlled values in attributes of the `UserProfile` class from p...
CVE-2021-44878
- EPSS 0.14%
- Veröffentlicht 06.01.2022 13:15:08
- Zuletzt bearbeitet 21.11.2024 06:31:38
If an OpenID Connect provider supports the "none" algorithm (i.e., tokens with no signature), pac4j v5.3.0 (and prior) does not refuse it without an explicit configuration on its side or for the "idtoken" response type which is not secure and violate...
CVE-2019-10755
- EPSS 0.31%
- Veröffentlicht 23.09.2019 23:15:10
- Zuletzt bearbeitet 21.11.2024 04:19:51
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only ...