Description
Race condition in the Okta Java SDK
Description
In the Okta Java SDK, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response.
Affected product and versions
You may be affected if you meet the following preconditions:
- Using the Okta Java SDK between versions 11.0.0 and 20.0.0, and
- Implementing a multithreaded application with the ApiClient class where the response status code is used in access control flows
Resolution
Upgrade Okta/okta-sdk-java to version 21.0.0 or greater.
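The failure mode described above, as an added example that is not code from the Okta SDK or from this advisory: `SharedStateClient` and `PerCallClient` are hypothetical classes, the status values are constructed, and the barrier forces the interleaving in which both responses arrive before either caller reads the status back.

```java
import java.util.concurrent.*;

public class SharedStatusRaceDemo {
    // Hypothetical client (not the SDK's ApiClient): the last response status
    // lives in an instance field, so every thread using the client shares it.
    static class SharedStateClient {
        private volatile int statusCode;
        void execute(int simulatedStatus) { statusCode = simulatedStatus; }
        int getStatusCode() { return statusCode; }
    }

    // Safer shape: the status is returned to the caller that made the request.
    static class PerCallClient {
        int execute(int simulatedStatus) { return simulatedStatus; }
    }

    // One caller: sends a request with a constructed status, then makes an
    // access decision from the shared field and from its own return value.
    static Callable<String> caller(SharedStateClient shared, PerCallClient perCall,
                                   CyclicBarrier bothResponded, int expected) {
        return () -> {
            shared.execute(expected);
            int own = perCall.execute(expected);
            bothResponded.await(); // both responses are in before anyone reads
            int seen = shared.getStatusCode();
            return "expected=" + expected
                    + " sharedField=" + seen + " allow=" + (seen == 200)
                    + " perCall=" + own + " allow=" + (own == 200);
        };
    }

    public static void main(String[] args) throws Exception {
        SharedStateClient shared = new SharedStateClient();
        PerCallClient perCall = new PerCallClient();
        CyclicBarrier bothResponded = new CyclicBarrier(2);
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> ok = pool.submit(caller(shared, perCall, bothResponded, 200));
            Future<String> denied = pool.submit(caller(shared, perCall, bothResponded, 403));
            System.out.println(ok.get());
            System.out.println(denied.get());
        } finally {
            pool.shutdown();
        }
    }
}
```

Whichever thread writes last determines what both callers read from the shared field, so one caller's access decision is made on the other caller's response. The per-call values always match the request that produced them.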
Packages
- Package: com.okta.sdk:okta-sdk-root
- Affected versions: >= 11.0.0, <= 20.0.0
- Patched version: 20.0.1
Related vulnerabilities
Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another request’s response. This issue is fixed in version 20.0.1.