Package details: pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5.Final
purl pkg:maven/org.wildfly.security/wildfly-elytron@1.15.5.Final
Next non-vulnerable version 1.15.15.Final
Latest non-vulnerable version 2.6.2.Final
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability: VCID-6ssa-j1q1-c3cs
Aliases: CVE-2022-3143, GHSA-jmj6-p2j9-68cp
Summary: Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authenticated user.
Fixed by:
1.15.15.Final (affected by 0 other vulnerabilities)
1.20.3.Final (affected by 1 other vulnerability)
Vulnerabilities fixed by this package (1)
Vulnerability: VCID-7qwz-74p6-yqhs
Aliases: CVE-2021-3642, GHSA-5499-qjvh-6j7w
Summary: Observable Discrepancy in Wildfly Elytron. A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affects Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

Date | Actor | Action | Vulnerability | Source | VulnerableCode Version
2026-04-16T22:19:30.040760+00:00 | GitLab Importer | Affected by | VCID-6ssa-j1q1-c3cs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml | 38.4.0
2026-04-16T21:55:50.583096+00:00 | GitLab Importer | Fixing | VCID-7qwz-74p6-yqhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml | 38.4.0
2026-04-11T23:37:20.724183+00:00 | GitLab Importer | Affected by | VCID-6ssa-j1q1-c3cs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml | 38.3.0
2026-04-11T23:11:13.952061+00:00 | GitLab Importer | Fixing | VCID-7qwz-74p6-yqhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml | 38.3.0
2026-04-02T23:41:42.812711+00:00 | GitLab Importer | Affected by | VCID-6ssa-j1q1-c3cs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml | 38.1.0
2026-04-02T23:19:42.752817+00:00 | GitLab Importer | Fixing | VCID-7qwz-74p6-yqhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml | 38.1.0
2026-04-01T18:04:20.360743+00:00 | GitLab Importer | Affected by | VCID-6ssa-j1q1-c3cs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml | 38.0.0
2026-04-01T17:40:13.921914+00:00 | GitLab Importer | Fixing | VCID-7qwz-74p6-yqhs | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml | 38.0.0