VulnerableCode Package Details - pkg:maven/org.wildfly.security/wildfly-elytron@1.3.0.Final

Search for packages

Vulnerability	Summary	Fixed by
VCID-6ssa-j1q1-c3cs Aliases: CVE-2022-3143 GHSA-jmj6-p2j9-68cp	Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.	1.15.15.Final Affected by 0 other vulnerabilities. 1.20.3.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-7qwz-74p6-yqhs Aliases: CVE-2021-3642 GHSA-5499-qjvh-6j7w	Observable Discrepancy in Wildfly Elytron A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.	1.10.14 Affected by 0 other vulnerabilities. 1.10.14.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.15.5 Affected by 0 other vulnerabilities. 1.15.5.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.16.1.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.16.1 Affected by 0 other vulnerabilities.
VCID-99vp-bk8n-q3cp Aliases: CVE-2020-10714 GHSA-7fhr-2694-rg79	Session Fixation A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	1.11.4 Affected by 0 other vulnerabilities. 1.11.4.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bznx-gnst-3qgd Aliases: CVE-2020-1748 GHSA-qgrq-cx4c-2rmm	Incorrect Authorization in WildFly Elytron A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.	1.6.8.Final Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.8 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-6ssa-j1q1-c3cs
Aliases:
CVE-2022-3143
GHSA-jmj6-p2j9-68cp

Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.

1.15.15.Final
Affected by 0 other vulnerabilities.

1.20.3.Final
Affected by 1 other vulnerability.

VCID-7qwz-74p6-yqhs
Aliases:
CVE-2021-3642
GHSA-5499-qjvh-6j7w

Observable Discrepancy in Wildfly Elytron A flaw was found in Wildfly Elytron where ScramServer may be susceptible to Timing Attack if enabled. The highest threat of this vulnerability is confidentiality. This flaw affectes Wildfly Elytron versions prior to 1.10.14.Final, prior to 1.15.5.Final and prior to 1.16.1.Final.

1.10.14
Affected by 0 other vulnerabilities.

1.10.14.Final
Affected by 2 other vulnerabilities.

1.15.5
Affected by 0 other vulnerabilities.

1.15.5.Final
Affected by 1 other vulnerability.

1.16.1.Final
Affected by 1 other vulnerability.

1.16.1
Affected by 0 other vulnerabilities.

VCID-99vp-bk8n-q3cp
Aliases:
CVE-2020-10714
GHSA-7fhr-2694-rg79

Session Fixation A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

1.11.4
Affected by 0 other vulnerabilities.

1.11.4.Final
Affected by 2 other vulnerabilities.

VCID-bznx-gnst-3qgd
Aliases:
CVE-2020-1748
GHSA-qgrq-cx4c-2rmm

Incorrect Authorization in WildFly Elytron A flaw was found in all supported versions before wildfly-elytron-1.6.8.Final-redhat-00001, where the WildFlySecurityManager checks were bypassed when using custom security managers, resulting in an improper authorization. This flaw leads to information exposure by unauthenticated access to secure resources.

1.6.8.Final
Affected by 3 other vulnerabilities.

1.6.8
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:19:29.737545+00:00	GitLab Importer	Affected by	VCID-6ssa-j1q1-c3cs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.4.0
2026-04-16T21:55:50.299740+00:00	GitLab Importer	Affected by	VCID-7qwz-74p6-yqhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.4.0
2026-04-16T21:40:33.203144+00:00	GitLab Importer	Affected by	VCID-bznx-gnst-3qgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-1748.yml	38.4.0
2026-04-16T21:40:30.127210+00:00	GitLab Importer	Affected by	VCID-99vp-bk8n-q3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.4.0
2026-04-11T23:37:20.390610+00:00	GitLab Importer	Affected by	VCID-6ssa-j1q1-c3cs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.3.0
2026-04-11T23:11:13.663705+00:00	GitLab Importer	Affected by	VCID-7qwz-74p6-yqhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.3.0
2026-04-11T22:55:52.069558+00:00	GitLab Importer	Affected by	VCID-bznx-gnst-3qgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-1748.yml	38.3.0
2026-04-11T22:55:48.558460+00:00	GitLab Importer	Affected by	VCID-99vp-bk8n-q3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.3.0
2026-04-02T23:41:42.522393+00:00	GitLab Importer	Affected by	VCID-6ssa-j1q1-c3cs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.1.0
2026-04-02T23:19:42.480983+00:00	GitLab Importer	Affected by	VCID-7qwz-74p6-yqhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.1.0
2026-04-02T23:04:54.674446+00:00	GitLab Importer	Affected by	VCID-bznx-gnst-3qgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-1748.yml	38.1.0
2026-04-02T23:04:51.558900+00:00	GitLab Importer	Affected by	VCID-99vp-bk8n-q3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.1.0
2026-04-01T18:04:20.032352+00:00	GitLab Importer	Affected by	VCID-6ssa-j1q1-c3cs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.0.0
2026-04-01T17:40:13.590860+00:00	GitLab Importer	Affected by	VCID-7qwz-74p6-yqhs	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.0.0
2026-04-01T17:23:52.824046+00:00	GitLab Importer	Affected by	VCID-bznx-gnst-3qgd	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-1748.yml	38.0.0
2026-04-01T17:23:49.514985+00:00	GitLab Importer	Affected by	VCID-99vp-bk8n-q3cp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.0.0