VulnerableCode Package Details - pkg:maven/org.eclipse.milo/sdk-client@0.2.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-u3xw-vnkf-rudu Aliases: CVE-2019-19135 GHSA-pq4w-qm9g-qx68	Insufficient Nonce Validation in Eclipse Milo Client ### Impact Credential replay affecting those connected to a server when all 3 of the following conditions are met: - `SecurityPolicy` is `None` - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces ### Patches The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`. ### Workarounds Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`. ### References https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf ### For more information If you have any questions or comments about this advisory: * Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues) * Email [the mailing list](mailto:milo-dev@eclipse.org)	0.3.5 Affected by 0 other vulnerabilities. 0.3.6 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-u3xw-vnkf-rudu
Aliases:
CVE-2019-19135
GHSA-pq4w-qm9g-qx68

Insufficient Nonce Validation in Eclipse Milo Client ### Impact Credential replay affecting those connected to a server when *all 3* of the following conditions are met: - `SecurityPolicy` is `None` - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces ### Patches The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`. ### Workarounds Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`. ### References https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf ### For more information If you have any questions or comments about this advisory: * Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues) * Email [the mailing list](mailto:milo-dev@eclipse.org)

0.3.5
Affected by 0 other vulnerabilities.

0.3.6
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:01:46.513659+00:00	GitLab Importer	Affected by	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.4.0
2026-04-11T22:13:04.591334+00:00	GitLab Importer	Affected by	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.3.0
2026-04-02T22:25:27.637232+00:00	GitLab Importer	Affected by	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.1.0
2026-04-01T16:43:22.550398+00:00	GitLab Importer	Affected by	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.0.0