Search for packages
| purl | pkg:maven/org.wildfly.security/wildfly-elytron@1.10.16.Final |
| Next non-vulnerable version | 1.15.15.Final |
| Latest non-vulnerable version | 2.6.2.Final |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3x83-3h6m-cfc2
Aliases: CVE-2022-3143 GHSA-jmj6-p2j9-68cp |
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-k1sj-b1bx-g7dw
Aliases: CVE-2020-10714 GHSA-7fhr-2694-rg79 |
wildfly-elytron: session fixation when using FORM authentication |
Affected by 2 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T05:55:24.473327+00:00 | GitLab Importer | Affected by | VCID-3x83-3h6m-cfc2 | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml | 38.6.0 |
| 2026-05-30T05:04:45.003571+00:00 | GitLab Importer | Affected by | VCID-k1sj-b1bx-g7dw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml | 38.6.0 |