VulnerableCode Package Details - pkg:maven/org.eclipse.milo/sdk-client@0.3.5

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-u3xw-vnkf-rudu	Insufficient Nonce Validation in Eclipse Milo Client ### Impact Credential replay affecting those connected to a server when all 3 of the following conditions are met: - `SecurityPolicy` is `None` - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces ### Patches The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`. ### Workarounds Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`. ### References https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf ### For more information If you have any questions or comments about this advisory: * Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues) * Email [the mailing list](mailto:milo-dev@eclipse.org)	CVE-2019-19135 GHSA-pq4w-qm9g-qx68

Vulnerability

Summary

Aliases

VCID-u3xw-vnkf-rudu

Insufficient Nonce Validation in Eclipse Milo Client ### Impact Credential replay affecting those connected to a server when *all 3* of the following conditions are met: - `SecurityPolicy` is `None` - using username/password or X509-based authentication - the server has a defect causing it to send null/empty or zeroed nonces ### Patches The problem has been patched in version `0.3.6`. A more relaxed treatment of validation as agreed upon by the OPC UA Security Working Group is implemented in version `0.3.7`. ### Workarounds Do not use username/password or X509-based authentication with `SecurityPolicy` of `None`. ### References https://opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2019-19135.pdf ### For more information If you have any questions or comments about this advisory: * Open an issue at [https://github.com/eclipse/milo/issues](https://github.com/eclipse/milo/issues) * Email [the mailing list](mailto:milo-dev@eclipse.org)

CVE-2019-19135
GHSA-pq4w-qm9g-qx68

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T21:01:46.561075+00:00	GitLab Importer	Fixing	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.4.0
2026-04-11T22:13:04.645322+00:00	GitLab Importer	Fixing	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.3.0
2026-04-02T22:25:27.683893+00:00	GitLab Importer	Fixing	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.1.0
2026-04-01T16:43:22.612926+00:00	GitLab Importer	Fixing	VCID-u3xw-vnkf-rudu	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.eclipse.milo/sdk-client/CVE-2019-19135.yml	38.0.0