VYPR

Maven package

org.apache.sling/org.apache.sling.auth.core

pkg:maven/org.apache.sling/org.apache.sling.auth.core

Vulnerabilities (2)

  • CVE-2017-15700 (High), Dec 18, 2017
    affected >= 1.4.0, < 1.4.2; fixed 1.4.2

    A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid method in Apache Sling Authentication Service 1.4.0 allows an attacker, through the Sling login form, to trick a victim into sending over their credentials.

  • CVE-2013-4390, Oct 24, 2013
    affected < 1.1.4; fixed 1.1.4

    Open redirect vulnerability in the AbstractAuthenticationFormServlet in the Auth Core (org.apache.sling.auth.core) bundle before 1.1.4 in Apache Sling allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the resource parameter.