← voltar
CVE-2019-10754

CVE-2019-10754

EPSS 1.8%
Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for token and ID generation which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong.
Produtos afetados
n/a · Apereo CAS

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467402https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467404https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-467406https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468868https://snyk.io/vuln/SNYK-JAVA-ORGAPEREOCAS-468869