CVE-2019-10755

Опубликовано: 23 сент. 2019

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.

Ссылки

https://snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pac4j:pac4j:*:*:*:*:*:*:*:*

Версия от 3.0.0 (включая) до 3.8.2 (включая)

EPSS

Процентиль: 54%

0.00312

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-338

Связанные уязвимости

GHSA-rc75-cf5c-mxvh