VulnerableCode Package Details - pkg:maven/org.wildfly.security/wildfly-elytron@1.6.4.Final

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/org.wildfly.security/wildfly-elytron@1.6.4.Final

Essentials
History (4)

purl	pkg:maven/org.wildfly.security/wildfly-elytron@1.6.4.Final

Next non-vulnerable version	1.15.15.Final
Latest non-vulnerable version	2.6.2.Final
Risk

Vulnerabilities affecting this package (4)

Vulnerability	Summary	Fixed by
VCID-1qdu-32ug-q3aj Aliases: CVE-2021-3642 GHSA-5499-qjvh-6j7w	wildfly-elytron: possible timing attack in ScramServer	1.10.14.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.10.14 Affected by 0 other vulnerabilities. 1.15.5.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.15.5 Affected by 0 other vulnerabilities. 1.16.1.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.16.1 Affected by 0 other vulnerabilities.
VCID-2aab-y62g-zqe4 Aliases: CVE-2020-1748 GHSA-qgrq-cx4c-2rmm	Wildfly: Improper authorization issue in WildFlySecurityManager when using alternative protection domain	1.6.8.Final Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.6.8 Affected by 0 other vulnerabilities.
VCID-3x83-3h6m-cfc2 Aliases: CVE-2022-3143 GHSA-jmj6-p2j9-68cp	Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.	1.15.15.Final Affected by 0 other vulnerabilities. 1.20.3.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-k1sj-b1bx-g7dw Aliases: CVE-2020-10714 GHSA-7fhr-2694-rg79	wildfly-elytron: session fixation when using FORM authentication	1.11.4.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.11.4 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T05:55:24.293176+00:00	GitLab Importer	Affected by	VCID-3x83-3h6m-cfc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.6.0
2026-05-30T05:24:09.051417+00:00	GitLab Importer	Affected by	VCID-1qdu-32ug-q3aj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.6.0
2026-05-30T05:04:48.838264+00:00	GitLab Importer	Affected by	VCID-2aab-y62g-zqe4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-1748.yml	38.6.0
2026-05-30T05:04:44.779682+00:00	GitLab Importer	Affected by	VCID-k1sj-b1bx-g7dw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.6.0