Package details: pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2
purl pkg:maven/org.apache.cxf.fediz/apache-fediz@1.3.2
Next non-vulnerable version 1.3.3
Latest non-vulnerable version 1.4.4
Risk
Vulnerabilities affecting this package (2)
| Vulnerability | Summary | Fixed by |
| --- | --- | --- |
| VCID-65a6-3ngq-kke9 (Aliases: CVE-2017-7661, GHSA-whw7-h25v-9qvx) | Cross-Site Request Forgery (CSRF): Apache CXF Fediz ships with a number of container-specific plugins to enable WS-Federation for applications that were found vulnerable to Cross-Site Request Forgery. | 1.4.1 (Affected by 0 other vulnerabilities.) |
| VCID-kyy8-szgp-bkfh (Aliases: CVE-2017-7662, GHSA-f5ch-36rg-vfcc) | Cross-Site Request Forgery (CSRF): A malicious web application could create new clients, or reset secrets, etc, after the admin user has logged on to the client registration service and the session is still active. | 1.3.3 (Affected by 0 other vulnerabilities.); 1.4.1 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
| --- | --- | --- | --- | --- | --- |
| 2026-06-02T04:36:54.235275+00:00 | GitLab Importer | Affected by | VCID-kyy8-szgp-bkfh | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf.fediz/apache-fediz/CVE-2017-7662.yml | 38.6.0 |
| 2026-06-02T04:36:54.188537+00:00 | GitLab Importer | Affected by | VCID-65a6-3ngq-kke9 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.apache.cxf.fediz/apache-fediz/CVE-2017-7661.yml | 38.6.0 |