VulnerableCode Package Details - pkg:maven/org.wildfly.security/wildfly-elytron@1.7.0.CR3

Search for packages

Vulnerability	Summary	Fixed by
VCID-1qdu-32ug-q3aj Aliases: CVE-2021-3642 GHSA-5499-qjvh-6j7w	wildfly-elytron: possible timing attack in ScramServer	1.10.14.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.10.14 Affected by 0 other vulnerabilities. 1.15.5.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.15.5 Affected by 0 other vulnerabilities. 1.16.1.Final Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} 1.16.1 Affected by 0 other vulnerabilities.
VCID-3x83-3h6m-cfc2 Aliases: CVE-2022-3143 GHSA-jmj6-p2j9-68cp	Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.	1.15.15.Final Affected by 0 other vulnerabilities. 1.20.3.Final Affected by 0 other vulnerabilities.
VCID-k1sj-b1bx-g7dw Aliases: CVE-2020-10714 GHSA-7fhr-2694-rg79	wildfly-elytron: session fixation when using FORM authentication	1.11.4.Final Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 1.11.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-1qdu-32ug-q3aj
Aliases:
CVE-2021-3642
GHSA-5499-qjvh-6j7w

wildfly-elytron: possible timing attack in ScramServer

1.10.14.Final
Affected by 2 other vulnerabilities.

1.10.14
Affected by 0 other vulnerabilities.

1.15.5.Final
Affected by 1 other vulnerability.

1.15.5
Affected by 0 other vulnerabilities.

1.16.1.Final
Affected by 1 other vulnerability.

1.16.1
Affected by 0 other vulnerabilities.

VCID-3x83-3h6m-cfc2
Aliases:
CVE-2022-3143
GHSA-jmj6-p2j9-68cp

Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator wildfly-elytron: possible timing attacks via use of unsafe comparator. A flaw was found in Wildfly-elytron. Wildfly-elytron uses `java.util.Arrays.equals` in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use `java.security.MessageDigest.isEqual` instead. This flaw allows an attacker to access secure information or impersonate an authed user.

1.15.15.Final
Affected by 0 other vulnerabilities.

1.20.3.Final
Affected by 0 other vulnerabilities.

VCID-k1sj-b1bx-g7dw
Aliases:
CVE-2020-10714
GHSA-7fhr-2694-rg79

wildfly-elytron: session fixation when using FORM authentication

1.11.4.Final
Affected by 2 other vulnerabilities.

1.11.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-05-30T05:55:24.326167+00:00	GitLab Importer	Affected by	VCID-3x83-3h6m-cfc2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2022-3143.yml	38.6.0
2026-05-30T05:24:09.080813+00:00	GitLab Importer	Affected by	VCID-1qdu-32ug-q3aj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2021-3642.yml	38.6.0
2026-05-30T05:04:44.816388+00:00	GitLab Importer	Affected by	VCID-k1sj-b1bx-g7dw	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/org.wildfly.security/wildfly-elytron/CVE-2020-10714.yml	38.6.0