VYPR

Maven package

org.apache.jackrabbit/oak-core

pkg:maven/org.apache.jackrabbit/oak-core

Vulnerabilities (1)

  • CVE-2020-1940Jan 28, 2020
    affected >= 1.12.0, < 1.24.0fixed 1.24.0

    The optional initial password change and password expiration features present in Apache Jackrabbit Oak 1.2.0 to 1.22.0 are prone to a sensitive information disclosure vulnerability. The code mandates the changed password to be passed as an additional attribute to the credentials