High severity7.5NVD Advisory· Published May 21, 2017· Updated May 13, 2026
CVE-2014-9970
CVE-2014-9970
Description
jasypt before 1.9.2 allows a timing attack against the password hash comparison.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.jasypt:jasyptMaven | < 1.9.2 | 1.9.2 |
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- sourceforge.net/p/jasypt/code/668/nvdIssue TrackingPatchThird Party Advisory
- github.com/advisories/GHSA-r5c2-rxh2-f5h2ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-9970ghsaADVISORY
- access.redhat.com/errata/RHSA-2017:2546nvdWEB
- access.redhat.com/errata/RHSA-2017:2547nvdWEB
- access.redhat.com/errata/RHSA-2017:2808nvdWEB
- access.redhat.com/errata/RHSA-2017:2809nvdWEB
- access.redhat.com/errata/RHSA-2017:2810nvdWEB
- access.redhat.com/errata/RHSA-2017:2811nvdWEB
- access.redhat.com/errata/RHSA-2017:3141nvdWEB
- access.redhat.com/errata/RHSA-2018:0294nvdWEB
- sourceforge.net/p/jasypt/code/668ghsaWEB
- www.securitytracker.com/id/1039744nvd
- www.securitytracker.com/id/1040360nvd
News mentions
0No linked articles in our index yet.