← volver
CVE-2019-10755

CVE-2019-10755

EPSS 1.1%
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
Productos afectados
n/a · PAC4J For SAML Protocol

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407