Search for packages
| purl | pkg:maven/org.wildfly/wildfly-parent@21.0.0.Final |
| Next non-vulnerable version | 23.0.2.Final |
| Latest non-vulnerable version | 23.0.2.Final |
| Risk | 3.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4tqr-jxeh-f7d8
Aliases: CVE-2020-27822 GHSA-qx3p-9mmp-4v8h |
Wildfly has a memory leak vulnerability A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Final, 20.0.0.Final, 20.0.1.Final, and 21.0.0.Final. When an application uses the OpenTracing API's java-interceptors, there is a possibility of a memory leak. This flaw allows an attacker to impact the availability of the server. The highest threat from this vulnerability is to system availability. |
Affected by 1 other vulnerability. Affected by 1 other vulnerability. Affected by 1 other vulnerability. |
|
VCID-ft9p-n5ew-abbf
Aliases: CVE-2021-3536 GHSA-v2wx-jj66-2hp7 |
Cross-site Scripting in Wildfly A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-gmv1-qasy-tbcq | Insertion of Sensitive Information into Log File A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS password at warning level on connection error, inserting sensitive information in the log file. |
CVE-2020-25640
GHSA-jw3v-5ch2-wfmm |