← voltar
CVE-2019-10755

CVE-2019-10755

EPSS 1.1%
The SAML identifier generated within SAML2Utils.java was found to make use of the apache commons-lang3 RandomStringUtils class which makes them predictable due to RandomStringUtils PRNG's algorithm not being cryptographically strong. This issue only affects the 3.X release of pac4j-saml.
Produtos afetados
n/a · PAC4J For SAML Protocol

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://snyk.io/vuln/SNYK-JAVA-ORGPAC4J-467407